News Item

Standards flying: improving the recognition of ICT security standards

ENISA publishes a report that provides an assessment on the maturity of the implementation of the European Cyber Security Standardisation activities in the EU Member States with respect to the NIS Directive.

Published on February 01, 2018

© Copyright: Shutterstock

The main assertions of this report include the following:

  • Standardisation for compliance with the NIS Directive is essential;
  • Recognition of standardisation in policy has generally be deemed to be low;
  • Utilisation of standards add value to Member States and their infrastructure;
  • The use of standards raises Cyber Security levels of compliance and effectiveness;
  • The use of standards provides sustainability and interoperability at European level and beyond.

Based on a survey only inconclusive suggestions can be made with regard to a perceived lack of knowledge of standards. If an appropriate standard is available, it is reasonable to expect that it will be adopted or applied. For example, even though the ISO27000 series of standards consists of sets of broad guidance, there is a well-established eco-system that supports their implementation.

In terms of the NIS Directive, however a major concern stems from the fact that it is the prerogative of the MS concerned to seek implementation. Where cross-border information sharing is required, this requirement has been interpreted as a competence under existing CSIRT relationships used for reporting security incidents; it would be far more effective of course to broadly seek compliance with the NIS Directive within and across borders.

To improve the current situation the main recommendations of the report include:

  • Appropriate training initiatives to be undertaken at the level of Member States;
  • Promoting new work items in the European SDOs for some areas (e.g. criteria for defining OES / DSP) or the adoption of appropriate standards in Europe where existing (for example information exchange, where several mature efforts already are in place, like STIX ).


Read the report here: Improving recognition of ICT security standards



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information