Cybersecurity standards and certification
In the, the EU reaffirms the importance of all stakeholders in the current Internet governance model and supports the multi-stakeholder governance approach. Indeed, the multi-stakeholder approach is fundamental to the development of successful standards, particularly in the area of Cybersecurity where public sector requirements are implemented to a large extent by private sector service providers.
Standardisation activities take place in international, national, and industry-based forums. Within Europe, the three European Standards Organizations, CEN, CENELEC, and ETSI, cooperate to minimize duplication of standards. ENISA supports the European Standards Organizations in achieving a consistent framework for cybersecurity standards in Europe. In this respect, ENISA has actively contributed since 2012 to the creation and work of the ETSI CEN-CENELEC cyber security coordination group (CSCG). Furthermore, the Agency supports the uptake of cybersecurity and privacy standards by European businesses through different activities.
Due to the increase in European legislation related to cybersecurity in recent years, the need to implement common ICT security certification frameworks against harmonized standards has become more pressing, in order to help European businesses demonstrate their commitment to cybersecurity and regulatory compliance. In 2014, ENISA started working with the Member States and European industry towards defining common European ICT security certification frameworks.