Search results

38 items matching your search terms.
Filter the results.
Item type

New items since

Sort by relevance · date (newest first) · alphabetically
Report/Study ECMAScript program eID Authentication methods in e-Finance and e-Payment services - Current practices and Recommendations
This report collects the results of a survey launched by ENISA (European Network and Information Security Agency). The main purpose of the survey has been to collect information about the electronic IDentity and Authentication Systems (eIDAS) used in e-Finance and e-Payment systems, to analyse the risks associated to each eIDAS mechanism, and produce a Guidelines report with the best practices recommended to the main actors of this sector: Financial institutions, Merchants and Payment Service providers.
Located in Publications
Report/Study ECMAScript program Qualified Website Authentication Certificates
This report proposes six strategies and twelve recommended actions as an escalated approach that targets the most important aspects detected to be critical for (i) improving the website authentication market in Europe and (ii) successfully introducing qualified website authentication certificates as a means to increase transparency in this market.
Located in Publications
Report/Study Standardisation in the field of Electronic Identities and Trust Service Providers
This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of cyber security are discussed. This is followed by a brief overview of several key EU initiatives in this area and a number of ENISA recommendations. The paper also discusses concrete standardisation activities associated with electronic IDs and trust service providers, providing an overview of standards developed under the mandate m460 from the European Commission and others, related to eIDAS Regulation. It concludes with a proposal of a standard on cryptographic suites for electronic signatures and infrastructures, put forward by ENISA and related to the ETSI TS 119 312.
Located in Publications
Report/Study Trusted e-ID Infrastructures and services in the EU - Recommendations for Trusted Provision of e-Government services
Under the scope of the the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures, ENISA has conducted a study about the security mechanisms and interoperability issues specific to the new regulated trust services. The aim of this report is to complement the report that summarises the results of the survey, also published by ENISA: “TSP services, standards and risk analysis report”, making more specific recommendations to e-Government service providers, encouraging them to use Trusted Third Party service providers to implement the trust services required to give citizens the expected level of confidence and trustwotthines on the services. This document collects the experience of some of the Large Scale Pilots (LSP) funded by the European Commission, that implement trust services defined in the proposed new Regulation (in particular epSOS, e-CODEX and PEPPOL), as cases studies to analyse the current practices and identify gaps and improvement opportunities. Then, the recommendations collected in the Trust Service Providers (TSP) overview report published by ENISA have been adapted for the provision of e-Government Services, which include issues for security practices and risk management.
Located in Publications
Report/Study D source code Trusted e-ID infrastructures and services in EU
ENISA has conducted a survey about the security mechanisms used by TSPs (Trust Service Providers) in Europe, and their interoperability, under the scope of the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures. The survey has addressed several issues of the services that are been offered: security practices, imlemented standards and risk analysis. The document is divided in three different sections: Services, Standards, and Risks. Each section is structured in two parts: The first one shows the general results for all the services, and the second one the specific results for each of the offered services.
Located in Publications
Report/Study Guidelines for trust service providers - Part 1: Security framework
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically outlines security requirements for qualified and non-qualified trust service providers. It references the most important standards and standardization bodies involved in technical specification, as well as certification, auditing and supervision schemes that can be used in order to qualify as a notified trust service provider. The document also presents result of a survey conducted by ENISA amongst European trust service providers related to the different aspects. Finally, the document gives some summary recommendations for TSPs considering standards and auditing schemes.
Located in Publications
Report/Study Guidelines for trust service providers - Part 2: Risk assessment
This document covers the following aspects of Trust Service Providers operations: • Assets: identification, classification and evaluation • Threats to assets: classification and evaluation • Vulnerabilities present in the environment • Probability or frequency of the threat • The impact that the exposure can have on the organization • Countermeasures that can reduce the impact • The residual risk, risk acceptance, risk treatment plan, etc.
Located in Publications
Report/Study text/texmacs Guidelines for trust service providers - Part 3: Mitigating the impact of security incidents
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a certification service provider (CSP) as representative example. The document focuses on the concepts and entities of hierarchical public key infrastructures (PKI), leaving other concepts, such as web of trust, out of scope.
Located in Publications
Workshop on security aspects of TSPs 2013
Located in Events
Report/Study Recommendations for QTSPs based on Standards - Technical guidelines on trust services
Following the publication of the eIDAS Regulation, a set of secondary and co-regulatory acts had to be published in order to provide technical guidance on how to implement the specific requirements of the eIDAS Regulation (in the TSP part of eIDAS, the European Commission decided to publish only the mandatory ones). ENISA aimed to develop a concise set of technical guidelines implementing the eIDAS Regulation in the non-mandatory articles, for voluntary use of all stakeholders, including Trust Service Providers, Supervisory Bodies and Conformity Assessment Bodies. The objective of this document is to provide guidelines for fulfilling requirements originating from the following articles of the eIDAS Regulation:
Located in Publications

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information