ENISA
https://www.enisa.europa.eu
Security guidelines on the appropriate use of qualified electronic seals
https://www.enisa.europa.eu/publications/security-guidelines-on-the-appropriate-use-of-qualified-electronic-seals
This document addresses qualified electronic seals and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery and website authentication certificates to understand the subject correctly as-well-as the potential benefits, amongst others, by giving examples of possible application. This series of documents also targets to give those parties some advice on how to correctly use the related qualified trust services.No publisherTrust service providerseIDIdentity & Trust2017/05/07 23:00:00 GMT+2Report/StudySecurity guidelines on the appropriate use of qualified electronic time stamps
https://www.enisa.europa.eu/publications/security-guidelines-on-the-appropriate-use-of-qualified-electronic-time-stamps
This document addresses qualified electronic time stamps and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates to understand the subject correctly as-well-as the potential benefits, amongst others, by giving examples of possible application. This series of documents also targets to give those parties some advice on how to correctly use the related qualified trust services. No publisherTrust service providerseIDIdentity & Trust2017/05/07 23:00:00 GMT+2Report/StudySecurity framework for Trust Service Providers - Technical guidelines on trust services
https://www.enisa.europa.eu/publications/tsp-security
Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and notify competent bodies of any breach of security or loss of integrity that has a significant impact on the trust service provided or on the personal data maintained therein.No publisherTrust ServicesTrust service providerseID2017/12/19 18:50:00 GMT+2Report/StudyScaling new heights: Implementation and Uptake of Trust Services under the eIDAS Regulation
https://www.enisa.europa.eu/news/enisa-news/scaling-new-heights-implementation-and-uptake-of-trust-services-under-the-eidas-regulation
A survey recently carried out by ENISA marks the positive tendency of Trust services to break through the barriers of large-scale business transformation processes in such applications as finance, healthcare and beyond.No publisherTrust ServicesTrust service providerseIDAS2018/01/24 13:25:00 GMT+2News ItemRecommendations on aligning research programme with policy
https://www.enisa.europa.eu/publications/recommendations-on-aligning-research-programme-with-policy
The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and support emerging policy and legislative initiatives, namely eIDAS, GDPR, support industry policy in cybersecurity, and provide recommendations on the formulation of forthcoming work programmesNo publisherTrust service providersData protection2017/05/07 23:00:00 GMT+2Report/StudyRecommendations for QTSPs based on Standards - Technical guidelines on trust services
https://www.enisa.europa.eu/publications/tsp-standards
Following the publication of the eIDAS Regulation, a set of secondary and co-regulatory acts had to be published in order to provide technical guidance on how to implement the specific requirements of the eIDAS Regulation (in the TSP part of eIDAS, the European Commission decided to publish only the mandatory ones). ENISA aimed to develop a concise set of technical guidelines implementing the eIDAS Regulation in the non-mandatory articles, for voluntary use of all stakeholders, including Trust Service Providers, Supervisory Bodies and Conformity Assessment Bodies. The objective of this document is to provide guidelines for fulfilling requirements originating from the following articles of the eIDAS Regulation: No publisherTrust ServicesTrust service providerseID2017/12/19 18:50:00 GMT+2Report/StudyQualified Website Authentication Certificates
https://www.enisa.europa.eu/publications/qualified-website-authentication-certificates
This report proposes six strategies and twelve recommended actions as an escalated approach that targets the most important aspects detected to be critical for (i) improving the website authentication market in Europe and (ii) successfully introducing qualified website authentication certificates as a means to increase transparency in this market.No publisherTrust service providers2016/05/15 23:00:00 GMT+2Report/StudyOverview from ENISA's Trust Services Forum 2016
https://www.enisa.europa.eu/news/enisa-news/overview-from-enisas-trust-services-forum-2016
The 2016 edition focused on emerging issues related to trust services across Europe, as the date of entry of the provisions related to trust services of the eIDAS Regulation approaches, coming into force on July 1st 2016.No publisherTrust service providersIdentity & Trust2016/06/03 17:05:00 GMT+2News ItemImplementation of article 15
https://www.enisa.europa.eu/publications/implementation-of-article-15
E-Government services have significant potential to make public services more efficient for the benefit of citizens and businesses in terms of time and money. And while these benefits are increasingly being felt nationally, e-Government services still face administrative and legal barriers on a cross-border level, although pan-European projects like STORK have shown that technical issues of interoperability of electronic identifications can be overcome. In order to remove existing barriers for cross-border e- ID based services the European Commission has proposed a draft regulation on electronic identification and trust services for electronic transactions in the internal market, which will replace the existing Electronic Signature Directive 1999/93/EC.No publisherTrust service providers2012/12/19 17:10:00 GMT+2Report/StudyGuidelines on Termination of Qualified Trust Services
https://www.enisa.europa.eu/publications/tsp-termination
This document proposes guidelines to SB and (Q)TSP aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of termination of trust services. Termination of QTS is addressed here in a broad sense covering from partial to complete cessation of a QTS. Partial termination includes termination of one or more of (technical) service entries listed in the corresponding trusted list that are (collectively) used to indicate the grant of qualified status for the provision of a specific type of QTS.No publisherTrust ServicesTrust service providerseIDAS2017/12/19 18:50:00 GMT+2Report/StudyGuidelines on Supervision of Qualified Trust Services - Technical guidelines on trust services
https://www.enisa.europa.eu/publications/tsp-supervision
This document is one deliverable out of a series whose objective is to propose guidelines aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of qualified trust services. It document proposes guidelines on supervision of qualified trust service providers pursuant to Art.20 of the eIDAS Regulation.No publisherTrust ServicesTrust service providerseID2017/12/19 18:50:00 GMT+2Report/StudyGuidelines on Initiation of Qualified Trust Services - Technical guidelines on trust services
https://www.enisa.europa.eu/publications/tsp-initiation
This document is one deliverable out of a series whose objective is to propose guidelines aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of qualified trust services. It proposes guidelines on initiation of qualified trust services pursuant to Art.21.1 of the eIDAS Regulation and should be read together with the one that proposes guidelines on supervision of qualified trust service providers.No publisherTrust ServicesTrust service providerseID2017/12/19 18:50:00 GMT+2Report/StudyGuidelines for trust service providers - Part 2: Risk assessment
https://www.enisa.europa.eu/publications/tsp2-risk
This document covers the following aspects of Trust Service Providers operations: • Assets: identification, classification and evaluation • Threats to assets: classification and evaluation • Vulnerabilities present in the environment • Probability or frequency of the threat • The impact that the exposure can have on the organization • Countermeasures that can reduce the impact • The residual risk, risk acceptance, risk treatment plan, etc.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/StudyGuidelines for trust service providers - Part 3: Mitigating the impact of security incidents
https://www.enisa.europa.eu/publications/tsp3-incidents
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a certification service provider (CSP) as representative example. The document focuses on the concepts and entities of hierarchical public key infrastructures (PKI), leaving other concepts, such as web of trust, out of scope.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/StudyGuidelines for trust service providers - Part 1: Security framework
https://www.enisa.europa.eu/publications/tsp1-framework
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically outlines security requirements for qualified and non-qualified trust service providers. It references the most important standards and standardization bodies involved in technical specification, as well as certification, auditing and supervision schemes that can be used in order to qualify as a notified trust service provider. The document also presents result of a survey conducted by ENISA amongst European trust service providers related to the different aspects. Finally, the document gives some summary recommendations for TSPs considering standards and auditing schemes.No publisherTrust service providers2014/01/28 00:10:00 GMT+2Report/Study