  • ENISA Cybersecurity Market Analysis Framework (ECSMAF)

    This document is the cornerstone of ENISA activities in analysing the EU cybersecurity market: it presents a cybersecurity market analysis framework as a “cookbook” on how EU cybersecurity market analyses can be performed.

    Published on April 08, 2022
  • EU Cybersecurity Market Analysis - IoT in Distribution Grid

    This report analyses demand and supply of IoT cybersecurity in distribution grids. It provides detailed indications on how this market might further develop in the future. The conclusions provided in the report are related to the envisaged scope...

    Published on April 08, 2022
  • 5G Cybersecurity Standards

    This report outlines the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. This report focuses on standardisation from a technical and organisational perspective.

    Published on March 16, 2022
  • Risk Management Standards

    The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.

    Published on March 16, 2022
  • Methodology for Sectoral Cybersecurity Assessments

    The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity certification...

    Published on September 13, 2021
  • Public Consultation on the draft Candidate EUCC Scheme

    This report presents the outcome of the public consultation on the first draft of the cybersecurity certification candidate EUCC scheme. The scheme was developed following the request from the European Commission in accordance with Article 48.2 of...

    Published on May 26, 2021
  • Cybersecurity Certification: Candidate EUCC Scheme V1.1.1

    Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to...

    Published on May 25, 2021
  • Cybersecurity Certification Market Study

    This study proposes a set of initial methodological steps to work towards a market analysis on cybersecurity certification of ICT products, ICT services and ICT processes. The performance of a market analysis on cybersecurity certification aims to...

    Published on April 09, 2021
  • Security in 5G Specifications - Controls in 3GPP

    The objective of this report is to help Member States implement the technical measure TM02 from the EU toolbox on 5G security. The report is also intended to help national competent and regulatory authorities get a better picture of the standardisation...

    Published on February 24, 2021
  • EUCS – Cloud Services Scheme

    This publication is a draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services), which looks into the certification of the cybersecurity of cloud services. In accordance with Article 48.2 of the...

    Published on December 22, 2020
  • Cybersecurity Certification: Candidate EUCC Scheme

    Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to...

    Published on July 02, 2020
  • Advancing Software Security in the EU

    This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to...

    Published on April 15, 2020
  • Standardisation in support of the Cybersecurity Certification

    The document presents the value of the cybersecurity standardisation efforts for certification, the roles and responsibilities of Standards Developing Organisations (SDOs) in this context, and discusses various ways how standardisation can support...

    Published on February 04, 2020
  • Bolstering ENISA in the EU Cybersecurity Certification Framework

    Under the CSA, the key role reserved for ENISA is to assist in the preparation of candidate cybersecurity certification schemes. In doing so, ENISA needs to interact with both EU Member States and industry stakeholders.

    Published on July 25, 2019
  • Guidance and gaps analysis for European standardisation

    This study aims to a) explore how the standards-developing world is responding to the fast-changing, demanding realm of privacy by mapping existing available standards and initiatives in the area and b) provide insights on the “state-of-the-art” of...

    Published on March 15, 2019
  • ICT security certification opportunities in the healthcare sector

    The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.

    Published on January 31, 2019
  • IoT Security Standards Gap Analysis

    This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.

    Published on January 17, 2019
  • Improving recognition of ICT security standards

    This report is a continuation and an extension of previously carried out ENISA work on approaches to the NIS Directive by Member States, which have provided recommendations on standardisation and have outlined the use and management of CSIRTs.

    Published on February 01, 2018
  • Recommendations on European Data Protection Certification

    The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.

    Published on November 27, 2017
  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017
  • Gaps in NIS standardisation - Recommendations for improving NIS in EU standardisation policy

    This report recommends that the European Commission, with the support of the Member States, pursuant to the NIS Directive, adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of...

    Published on March 15, 2017
  • Challenges of security certification in emerging ICT environments

    This report aims to provide decision makers with a thorough description of the security certification status concerning the most impactful equipment in five different critical business sectors. Results of this study should help to improve and...

    Published on February 06, 2017
  • Analysis of standards related to Trust Service Providers - Mapping of requirements of eIDAS to existing standards

    On the one hand, this report analyses the eIDAS requirements with regard to the standards; on the other, it analyses currently available standards and compares the results of both analyses. Such a mapping is oriented at the requirements specified in the...

    Published on July 01, 2016
  • Governance framework for European standardisation

    In response to the European Union’s Cybersecurity Strategy, the CSCG has published a White Paper with recommendations on digital security. The CSCG’s recommendations underline the importance of Cybersecurity standardisation to complete the European...

    Published on July 01, 2016
  • Definition of Cybersecurity - Gaps and overlaps in standardisation

    This document analyses the usage of this term by various stakeholders and reviews standardisation activities in the area of Cybersecurity, providing an overview of overlaps and gaps in available standards. It has been written by CSCG and ENISA...

    Published on July 01, 2016
  • Information security and privacy standards for SMEs

    The analysis conducted for this study, based on the interviews with subject matter experts and review of available studies, shows that, despite rising concerns on information security risks, the level of SMEs information security and privacy...

    Published on June 17, 2016
  • Standardisation in the field of Electronic Identities and Trust Service Providers

    This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of...

    Published on March 24, 2015
