Website Security Standards: Is Your Site Compliant?
Is your website security-compliant? Security check for enterprises. Find vulnerabilities, meet NIS2 and GDPR requirements.
Request a security check
What do security standards require for websites?
The EU NIS2 Directive requires critical infrastructure operators to implement adequate IT security measures. But organisations outside that scope should also align with recognised frameworks: BSI IT-Grundschutz (EU/DE), NIST Cybersecurity Framework (US), and NCSC Cyber Essentials (UK). Since NIS2 came into effect (2024), extended obligations apply across many sectors. Gosign checks your website against these security benchmarks.
What Gosign checks in a website security audit
| Area | What is checked | Standard relevance |
|---|---|---|
| HTTPS/TLS configuration | Certificate, protocol version, cipher suites | Baseline |
| Content Security Policy | CSP header, XSS protection | Baseline |
| Server headers | X-Frame-Options, HSTS, Referrer-Policy | Baseline |
| CMS version & extensions | Known vulnerabilities, end-of-life software | NIS2 / NIST CSF |
| Cookie configuration | Secure flag, HttpOnly, SameSite | GDPR + NIS2 |
| Authentication | Login protection, brute-force prevention, 2FA | NIS2 / NIST CSF |
| Data backup | Backup strategy, recovery testing | NIS2 / NIST CSF |
Services
One-time security check
Automated plus manual review. Results report with prioritised recommendations, ranked by risk. AI-accelerated: results in hours, not weeks.
Continuous monitoring
Ongoing monitoring of CMS, extensions, server configuration. Immediate notification when new vulnerabilities are detected.
Hardening & implementation
Gosign implements the recommended measures: CSP headers, TLS configuration, WAF setup, CMS hardening.
Audit documentation
Standards-compliant documentation of your website security measures. For internal audits and external reviewers.
Get your website security checked - 30 minutes, free of charge.
We analyse your website for security vulnerabilities, no obligation.
25 years of experience · 800+ extensions · AI-accelerated development
Gosign is a Hamburg-based digital agency with 25 years of experience in web development, TYPO3 and AI integration. We have analysed over 800 TYPO3 extensions and today develop with AI assistance up to 70 % faster than with traditional methods. Our clients include mid-market enterprises, universities and public sector organisations across the EU.
As of: February 2026
Frequently asked questions about website security
Do these security standards apply to my organisation?
Directly: if you are a critical infrastructure operator (under NIS2). Indirectly: the NIS2 Directive extends obligations to many sectors. Regardless of legal requirements, frameworks like NIST CSF (US) and NCSC Cyber Essentials (UK) are considered best practice for any organisation.
What happens after the check?
Gosign delivers a prioritised action plan. Critical gaps addressed first, optimisations sorted by effort and impact. Implementation optionally by Gosign.