The Cyberbeveilgingswet is the Dutch implementation of the European Union Directive NIS2. This stands for “Network and Information Systems”. This Directive is the second in line on this Cbw is the abbreviation of this directive.
The “Cbw Control Framework” is a practical tool that was launched in September 2025 by the Auditdienst Rijk (ADR) in collaboration with NOREA (the Professional Organization of IT Auditors in the Netherlands) and on behalf of the Ministry of the Interior and Kingdom Relations (BZK).
<aside> <img src="/icons/light-bulb_blue.svg" alt="/icons/light-bulb_blue.svg" width="40px" />
You can download the framework and the accompanying study report for free on the official website of the Auditdienst Rijk.
The ADR & NOREA, Cbw (NIS2) Control Framework (2025) is CC-BY 4.0 licensed. This means that we can share it, in any format, adapt it and use it commercially.
</aside>
The framework supports organizations in gaining insight into the extent to which they comply with the Cbw and the underlying decree Cbb (Cyberbeveiligingsbesluit). The aim is to strengthen the cyber resilience of entities that have been designated as essential or important entities.
The framework is specifically intended for:
The framework offers:
With the introduction of the Cbw responsibility for cyber resilience will be explicitly placed with organizations and their directors. The framework marks an important milestone on the road to this legislation and offers organizations a first, structured tool for assessing cyber resilience, identifying gaps, and preparing for compliance.