ENISA Security measures recommendations for Trust Service Providers
In 2013, the European Union Agency for Network and Information Security (ENISA) developed the Guidelines for Trust Service Providers, which discuss the minimal security levels to be maintained by trust service providers. The study is split into three parts:
- Security framework: describing the framework surrounding trust service providers (TSPs), focusing on EU standards, but taking into account others where relevant.
- Risk assessment: discussing the principles and concepts of managing the risks applicable to TSPs by defining and controlling threats and vulnerabilities.
- Mitigating the impact of security incidents: recommending measures to mitigate the impact of security incidents on TSPs by proposing suitable technical and organisational means to handle the security risks posed to them.
All three parts can also be used separately, as they address different issues and target different audiences; for that reason, the introductory sections overlap.
ENISA has also published three other reports on the subject of TSP security:
- Trusted e-ID Infrastructures and services in EU: analysing risks of trust services reported by their providers, and justifying recommendations to improve their security
- Trusted provision of e-government services in the EU: containing recommendations for e-Government service providers, supervisors and citizens to improve their security
- eID Authentication methods in e-Finance and e-Payment services: analysing risks associated with the identification of citizens and the use of credentials, and providing good practices for financial institutions, merchants and payment service providers to improve citizens' security when they access financial and payment services