• Cybersecurity Certification: EUCC Candidate Scheme

    Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to...

    Published on July 02, 2020
  • Advancing Software Security in the EU

    This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to...

    Published on April 15, 2020
  • Standardisation in support of the Cybersecurity Certification

    The document presents the value of the cybersecurity standardisation efforts for certification, the roles and responsibilities of Standards Developing Organisations (SDOs) in this context, and discusses various ways how standardisation can support...

    Published on February 04, 2020
  • Standards Supporting Certification

    This report explores five distinct areas, which have frameworks, schemes or standards that can potentially be evolved to EU candidate cybersecurity certification schemes. These five areas are Internet of Things (IoT), cloud infrastructure and...

    Published on February 04, 2020
  • Bolstering ENISA in the EU Cybersecurity Certification Framework

    Under the CSA, the key role reserved for ENISA is to assist in the preparation of candidate cybersecurity certification schemes. In doing so, ENISA needs to interact with both EU Member States and industry stakeholders.

    Published on July 25, 2019
  • Guidance and gaps analysis for European standardisation

    This study aims to a) explore how the standards-developing world is responding to the fast-changing, demanding realm of privacy by mapping existing available standards and initiatives in the area and b) provide insights on the “state-of-the-art”...

    Published on March 15, 2019
  • ICT security certification opportunities in the healthcare sector

    The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.

    Published on January 31, 2019
  • IoT Security Standards Gap Analysis

    This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.

    Published on January 17, 2019
  • Improving recognition of ICT security standards

    This report is a continuation and an extension of previously carried out ENISA work on approaches to the NIS Directive by Member States, which have provided recommendations on standardisation and have outlined the use and management of CSIRTs.

    Published on February 01, 2018
  • Recommendations on European Data Protection Certification

    The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.

    Published on November 27, 2017
  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017
  • Gaps in NIS standardisation - Recommendations for improving NIS in EU standardisation policy

    This report recommends that the European Commission, with the support of the Member States, pursuant to the NIS Directive, adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of...

    Published on March 15, 2017
  • Challenges of security certification in emerging ICT environments

    This report aims to provide decision makers with a thorough description of the security certification status concerning the most impactful equipment in five different critical business sectors. Results of this study should help to improve and...

    Published on February 06, 2017
  • Analysis of standards related to Trust Service Providers - Mapping of requirements of eIDAS to existing standards

    This report on one hand analyses the eIDAS requirements with regard to the standards, on the other analyses currently available standards and compares the results of both analyses. Such a mapping is oriented at the requirements specified in the...

    Published on July 01, 2016
  • Governance framework for European standardisation

    In response to the European Union’s Cybersecurity Strategy, the CSCG has published a White Paper with recommendations on digital security. The CSCG’s recommendations underline the importance of Cybersecurity standardisation to complete the...

    Published on July 01, 2016
  • Definition of Cybersecurity - Gaps and overlaps in standardisation

    This document analyses the usage of this term by various stakeholders and reviews standardisation activities in the area of Cybersecurity, providing an overview of overlaps and gaps in available standards. It has been written by CSCG and ENISA...

    Published on July 01, 2016
  • Information security and privacy standards for SMEs

    The analysis conducted for this study, based on the interviews with subject matter experts and review of available studies, shows that, despite rising concerns on information security risks, the level of SMEs information security and privacy...

    Published on June 17, 2016
  • Standardisation in the field of Electronic Identities and Trust Service Providers

    This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of...

    Published on March 24, 2015

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information