Join Us
Sign up to receive updates about the platform launch and more
You will get:
- Access to the online platform upon launch (Q2 2022)
- Exclusive Demo (Available now)
- Invitation to future webinars and events
- Invitation to our unique Investment Platform (Q1 2022)
By clicking Sign up, you agree to receive communications from redalertlabs.com. You can unsubscribe at any time. For information on how to unsubscribe, as well as our privacy practices, please review our Privacy Policy.
EU CYBERSECURITY ACT
In September 2017, the European Commission presented a proposal for a Regulation, dubbed the Cybersecurity Act, with a view to harmonise the current cybersecurity certification activities and policies across the Member States. ENISA has a pivotal role in this new EU cybersecurity certification framework, since it is tasked to prepare candidate securitiy certiifcation schemes.
This platform is intended to guide you through your ICT product, processes and services security certification under the EU Cybersecurity Act. It will provide you with the latest updates on the potential candidate schemes covering EUCC, CLOUD, 5G, IoT, HEALTHCARE and AUTOMOTIVE domains.
Implementation Act
Final Draft Candidate for ECCG (Expected to be finalized early 2022)
5G SECURITY CERTIFICATION
Ongoing
IOT SECURITY CERTIFICATION
Planned
TRUST should be further strengthened by offering information in a transparent manner on the level of security of ICT products, ICT services and ICT processes ...”
“An increase in trust can be facilitated by Union-wide CERTIFICATION providing for common cybersecurity requirements and evaluation criteria across national markets and sectors.”
Cybersecurity Act – Section (7)
Training
We've trained NCCAs, CABs (Labs and CBs), NABs and Vendors. If you want to learn more... or enhance your capabilities to run certifications, feel free to get in touch with us.
CONSUMER
Market
ENTREPRISE
Market
INDUSTRIAL
Market
CRITICAL
Market
The EU cybersecurity certification framework defines a mechanism to establish European cybersecurity certification schemes and to attest that the ICT products, processes and services that have been evaluated in accordance with such schemes comply with specified security requirements. ENISA has a pivotal role in the design of the candidate EU cybersecurity certification schemes. The CSA provides clear guidelines regarding how these schemes should be designed in the articles below:
- Article 51 - Security objectives of European cybersecurity certification schemes
- Article 52 - Assurance levels of European cybersecurity certification schemes
- Article 54 - Elements of European cybersecurity certification schemes
Proposal for REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification ("Cybersecurity Act"), ST 15786 2018 INIT.
BASIC
CONSUMER / ENTREPRISE
A European cybersecurity certificate or an EU statement of conformity referring to assurance level ‘basic’ provides assurance that the ITC products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise the known basic risks of cyberincidents and cyberattacks.
• The evaluation activities should include at least a review of the technical documentation or, failing that, substitute evaluation activities with equivalent effect.sentence or two describing this item.
SUBSTANTIAL
ENREPRISE / INDUSTRIAL
A European cybersecurity certificate referring to assurance level ‘substantial’ provides assurance that the ITC products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise cybersecurity risks, cyberincidents and cyberattacks carried out by actors with limited skills and resources.
• The evaluation activities should include at least:a review to demonstrate the absence of known vulnerabilities;testing to demonstrate that the products, service or processes correctly implement the security functionalities;failing that, substitute evaluation activities with equivalent effect.
HIGH
INDUSTRIAL / CRITICAL
A European cybersecurity certificate referring to assurance level ‘high’ provides assurance that the ITC products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise the risk of state-of-the-art cyberattacks carried out by actors with significant skills and resources.
• The evaluation activities should include at least: a review to demonstrate the absence of known vulnerabilities;testing to demonstrate that the products, service or processes correctly implement the security functionalities;an assessment of their resistance to skilled attackers using penetration testing;failing that, substitute activities.
© 2020