Support for the creation of an EU cybersecurity certification framework

A validation workshop has been delivered by the European Union Agency for Cybersecurity to debate with stakeholders on activities in support of the deployment of the EU cybersecurity certification framework.

Pursuant to the EU Cybersecurity Act that entered into force on 27^th June 2019, ENISA supports and promotes the development and implementation of Union policy on cybersecurity certification of ICT products, services and processes.

Objectives

This validation workshop on “Supporting the deployment of the EU Cybersecurity Certification Framework” aimed to present the efforts that ENISA has undertaken since the entry into force of the Act and throughout 2019. Presentations included analysis and recommendations as well as input on the response to Commission requests notably on a Common Criteria scheme.

The objective of this workshop in terms of validating deliverables with stakeholders was met and it demonstrated in practical terms the engagement of the Agency in terms of accountability and stakeholders’ involvement in the production of its output. This is an area to be monitored further.

Topics discussed

The debate on the various deliverables called for engaging discussions with an expert audience on such areas as, handling of vulnerabilities; maintenance of a scheme in Common Criteria; content of a cybersecurity certification scheme; aspects of deployment of a scheme and market buy-in; aspects related to standardisation and the need to align planning certification schemes with the evolution of standards.

Further steps

Responding to Commission requests, ENISA is currently carrying out work on two different cybersecurity certification schemes, related to Common Criteria and Cloud services.

More information

Full news

Bolstering ENISA in the EU Cybersecurity Certification Framework Document

Defence and Security Section