
A pragmatic NIS2-aligned security baseline for server operations
Modular, evidence-driven, and designed for real-world operations – starting with Debian.
lsa.nis2 is an open, modular Ansible-based security package that helps organizations establish a reactive and proactive security baseline aligned with NIS2 requirements.
It focuses on operational safety, incident readiness, and audit-friendly evidence, without breaking applications or over-hardening systems.
Why most “security baselines” fail in practice
- Hardening guides often break applications
- Compliance frameworks are abstract and hard to operationalize
- Many tools focus on prevention only, not on incident readiness
- Evidence for audits is often manual, incomplete, or inconsistent
- Small and mid-sized operators are left alone with enterprise-grade requirements
NIS2 increases accountability — but it does not provide an operational blueprint.
A different approach: operational first, compliance-aware
- Operations-first: stability and uptime before aggressive hardening
- Reactive + Proactive: detection, logging, and recovery matter as much as prevention
- Modular by design: no monolithic role, no lock-in
- Evidence-driven: facts-based, reproducible, auditable
- No auto-reboots, no surprises
Security that operators can actually run.



