ENISA launched a survey at the end of 2025 to gather factual data on how organisations across industries and of varying sizes are approaching Software Bill of Materials (SBOM) adoption in response to the EU Cyber Resilience Act (CRA). This report…
Technical Competence Requirements for CRA Notified Bodies
The document focuses on high-level competences which will be required to perform conformity assessment activities, in particular the experience and training requirements for the personnel employed by a CAB wishing to be notified (CRA NB) –…
ENISA NIS360
This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…
Cyber Europe 2026: All eyes on the EU’s collective response and resilience
Powered by the EU Agency for Cybersecurity, the 8th edition of the Cyber Europe exercise took place on 10-11 June, with the goal of enhancing cyber preparedness and ensuring continuity of essential services while protecting European rail and…
ENISA Technology and Innovation Radar Methodology
The purpose of this report is to present a comprehensive methodology for identifying and analysing technology signals relevant to the cybersecurity landscape. It outlines the key stages of the process and explains how these variables can be…
National Capabilities Assessment Framework 2.0
This report represents an updated version of ENISA's national capabilities assessment framework (NCAF). The framework aims to help Member States undertake a self-assessment of their level of maturity by assessing their National…
ENISA Cybersecurity Market Analysis Framework (ECSMAF) – V3.0
ENISA's Cybersecurity Market Analysis Framework (ECSMAF) is a guide on how to conduct market analysis, including recurrent market analysis and continuous market monitoring, in the field of cybersecurity. This new version (Version 3.0)…
ENISA Technical Advisory for Secure Use of Package Managers
This document focuses on how developers can securely use package managers as part of their software development life cycle. In particular, this document, outlines common risks involved in the use of third-party packages, presents secure practices…
The ENISA Cybersecurity Exercise Methodology
The methodology offers an end-to-end theoretical framework for planning, running and evaluating cybersecurity exercises. It ensures the right profiles and stakeholders are involved at the right time. It provides theoretical material based on…
ENISA International Strategy 2026
The ENISA International Strategy sets out how the Agency works with international partners to strengthen cybersecurity across the European Union.