ENISA
https://www.enisa.europa.eu
Standardisation in the field of Electronic Identities and Trust Service Providers
https://www.enisa.europa.eu/publications/standards-eidas
This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of cyber security are discussed. This is followed by a brief overview of several key EU initiatives in this area and a number of ENISA recommendations. The paper also discusses concrete standardisation activities associated with electronic IDs and trust service providers, providing an overview of standards developed under the mandate m460 from the European Commission and others, related to eIDAS Regulation. It concludes with a proposal of a standard on cryptographic suites for electronic signatures and infrastructures, put forward by ENISA and related to the ETSI TS 119 312.No publisherTrust service providersStandards2015/03/24 13:30:00 GMT+2Report/StudyTrusted e-ID infrastructures and services in EU
https://www.enisa.europa.eu/publications/trusted-eid
ENISA has conducted a survey about the security mechanisms used by TSPs (Trust Service Providers) in Europe, and their interoperability, under the scope of the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures. The survey has addressed several issues of the services that are been offered: security practices, imlemented standards and risk analysis. The document is divided in three different sections: Services, Standards, and Risks. Each section is structured in two parts: The first one shows the general results for all the services, and the second one the specific results for each of the offered services.No publisherTrust service providers2014/01/28 00:15:00 GMT+2Report/StudyTrusted e-ID Infrastructures and services in the EU - Recommendations for Trusted Provision of e-Government services
https://www.enisa.europa.eu/publications/trusted-egov
Under the scope of the the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures, ENISA has conducted a study about the security mechanisms and interoperability issues specific to the new regulated trust services. The aim of this report is to complement the report that summarises the results of the survey, also published by ENISA: “TSP services, standards and risk analysis report”, making more specific recommendations to e-Government service providers, encouraging them to use Trusted Third Party service providers to implement the trust services required to give citizens the expected level of confidence and trustwotthines on the services. This document collects the experience of some of the Large Scale Pilots (LSP) funded by the European Commission, that implement trust services defined in the proposed new Regulation (in particular epSOS, e-CODEX and PEPPOL), as cases studies to analyse the current practices and identify gaps and improvement opportunities. Then, the recommendations collected in the Trust Service Providers (TSP) overview report published by ENISA have been adapted for the provision of e-Government Services, which include issues for security practices and risk management.No publisherTrust service providers2014/01/28 00:15:00 GMT+2Report/StudyGuidelines for trust service providers - Part 3: Mitigating the impact of security incidents
https://www.enisa.europa.eu/publications/tsp3-incidents
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a certification service provider (CSP) as representative example. The document focuses on the concepts and entities of hierarchical public key infrastructures (PKI), leaving other concepts, such as web of trust, out of scope.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/StudyGuidelines for trust service providers - Part 2: Risk assessment
https://www.enisa.europa.eu/publications/tsp2-risk
This document covers the following aspects of Trust Service Providers operations: • Assets: identification, classification and evaluation • Threats to assets: classification and evaluation • Vulnerabilities present in the environment • Probability or frequency of the threat • The impact that the exposure can have on the organization • Countermeasures that can reduce the impact • The residual risk, risk acceptance, risk treatment plan, etc.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/StudyGuidelines for trust service providers - Part 1: Security framework
https://www.enisa.europa.eu/publications/tsp1-framework
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically outlines security requirements for qualified and non-qualified trust service providers. It references the most important standards and standardization bodies involved in technical specification, as well as certification, auditing and supervision schemes that can be used in order to qualify as a notified trust service provider. The document also presents result of a survey conducted by ENISA amongst European trust service providers related to the different aspects. Finally, the document gives some summary recommendations for TSPs considering standards and auditing schemes.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/StudyeID Authentication methods in e-Finance and e-Payment services - Current practices and Recommendations
https://www.enisa.europa.eu/publications/eIDA-in-e-finance-and-e-payment-services
This report collects the results of a survey launched by ENISA (European Network and Information Security Agency). The main purpose of the survey has been to collect information about the electronic IDentity and Authentication Systems (eIDAS) used in e-Finance and e-Payment systems, to analyse the risks associated to each eIDAS mechanism, and produce a Guidelines report with the best practices recommended to the main actors of this sector: Financial institutions, Merchants and Payment Service providers.No publisherTrust service providers2014/01/21 00:05:00 GMT+2Report/StudyWorkshop on security aspects of TSPs 2013
https://www.enisa.europa.eu/events/workshop
No publisherTrust service providers2013/06/07 14:15:00 GMT+2EventImplementation of article 15
https://www.enisa.europa.eu/publications/implementation-of-article-15
E-Government services have significant potential to make public services more efficient for the benefit of citizens and businesses in terms of time and money. And while these benefits are increasingly being felt nationally, e-Government services still face administrative and legal barriers on a cross-border level, although pan-European projects like STORK have shown that technical issues of interoperability of electronic identifications can be overcome. In order to remove existing barriers for cross-border e- ID based services the European Commission has proposed a draft regulation on electronic identification and trust services for electronic transactions in the internal market, which will replace the existing Electronic Signature Directive 1999/93/EC.No publisherTrust service providers2012/12/19 17:10:00 GMT+2Report/Study