
With the adoption of the Cybersecurity Act (CSA), a new framework for cybersecurity certification is introduced within the EU. This framework provides an EU-wide approach towards cybersecurity certification where issued certificates are applicable across the EU and valid in all member states.

EU cybersecurity certificates provide businesses and consumers with accurate information regarding the security assurance of certified ICT products and services. While certification does not guarantee that an ICT product or service is cyber-secure (as explicitly stated in the CSA), an EU cybersecurity certificate does demonstrate compliance with the criteria of a cybersecurity scheme. European cybersecurity certification is voluntary, but it can and likely will be used to demonstrate compliance with other EU or member state laws.

Each EU cybersecurity certificate provides information about its validity and the certification scheme under which it was issued. Currently, no EU cybersecurity certificates have been issued. Once the first certificate is issued, this website will maintain an overview of all EU cybersecurity certificates issued within the Netherlands. The European cybersecurity agency ENISA will also maintain a website with all issued certificates.

The Netherlands has implemented the prior approval model, which enables certification projects to conclude in a predictable and timely manner. All EU cybersecurity certificates issued in the Netherlands are subject to supervision by the Dutch National Cybersecurity Certification Authority (NCCA).

Have you heard about EU cybersecurity certification? If not, this is what you should know about it. In today's ICT market, how is it possible to compare the level of security of solutions? Some of these solutions call themselves cyber secure and trustworthy, while others carry various labels. This leaves ICT consumers with complicated choices. Developers and service providers wishing to enter new markets might need to comply with numerous security requirements. This lack of harmonization results in high costs for enterprises.

To address this challenge, the European Union is developing EU cybersecurity certification, which provides evidence of compliance to a given level of trust. ENISA, the European Union Agency for Cybersecurity, is developing certification schemes for ICT products, cloud services and 5G, and more are to come according to market needs. Once in force, each EU country will be able to perform and issue cybersecurity certification under the new framework. EU certificates will be recognized in a harmonized way across the Union.

So what to expect? This way, developers and service providers will only need a single certification to address a market of 500 million EU citizens. Users will be able to easily benchmark ICT products and services based on their needs in terms of trust and security. ENISA is also working on guidance documents for developers, service providers, auditors, evaluators and national cyber authorities to help move forward EU certification. This ecosystem also tests the new certification framework to make sure that the proposed approach and measures are accurate. Follow ENISA on social media to find out more, and join us at the ENISA cybersecurity certification conference.

© ENISA - Creative Commons 4.0

CSA certification schemes

In order to certify a wide range of products and services in the field of cybersecurity, multiple certification schemes are being developed under the Cybersecurity Act. Each scheme has its own scope, specific applications, and set of certification requirements. 

Below, you will find a brief introduction to the schemes that are currently active or will become active in the near future.

Common Criteria certification

The "Common Criteria-based European Cybersecurity Certification Scheme" (EUCC) is a certification scheme developed for the EU cybersecurity certification of ICT products. Common Criteria is a set of specifications and guidelines designed to evaluate and certify software, hardware and firmware in the area of cybersecurity.

Cloud Services certification

The "European Cybersecurity Certification Scheme for Cloud Services" (EUCS) is one of the first schemes being developed under the CSA. This scheme boosts trust in cloud services by defining a reference set of security requirements. It is applicable to all kinds of cloud services: IaaS, PaaS, SaaS, and other cloud services, including subservices.