ENISA technical guidelines for Trust Service Providers
In order to ensure uniform conditions for its implementation, the eIDAS Regulation confers implementing powers to the European Commission, to promulgate implementation specifications or to reference standards the use of which would raise a presumption of compliance with select requirements laid down in the eIDAS Regulation. Already in 2009, the European Commission issued Standardisation Mandate 460 to CEN, CENELEC and ETSI to update the existing eSignature standardisation deliverables in view of establishing a fully rationalised framework, which would solve the issues raised in actual use of eSignatures in the EU.
In 2014 ENISA publishedthat explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. also discusses concrete standardisation activities associated with electronic IDs and trust service providers, providing an overview of standards developed under the mandate m460 from the European Commission and others, related to eIDAS Regulation. It concludes with a proposal of a standard on cryptographic suites for electronic signatures and infrastructures, put forward by ENISA and related to the ETSI TS 119 312.
In 2015 ENISA has produced a report, which on one hand analyses the eIDAS requirements with regard to the standards, on the other analyses currently available standards and compares the results of both analyses. The analysis presented in this report led, however, to a shortlist of gaps, where specific eIDAS requirements have yet to be addressed in EU standards (ETSI/CEN/CENELEC) or international ones.
Also in the area of tehnical guidelines for eIDAS, ENISA produced in 2014 a report,, which contains recommendations of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site), TSPs documentation (plans, policies and procedures) and implementation of TSPs services.