The European Commission has adopted an implementing rule for the EUCC, the EU cybersecurity certification scheme.
The result is consistent with the candidate cybersecurity certification scheme on EUCC, which ENISA drafted in response to a request from the European Commission.
An ad hoc working group made up of subject matter experts from various industrial sectors and National Cybersecurity Certification Authorities of EU member states provided support to ENISA in the design of the candidate scheme.
ENISA is appreciative of the efforts made by the Stakeholder Cybersecurity Certification Group as well as the advice and assistance provided by Member States through the European Cybersecurity Certification Group.
About EUCC
The new scheme is in line with the EU cybersecurity certification framework established by the 2019 Cybersecurity Act.
The aim of this framework was to raise the level of cybersecurity of ICT products, services, and processes on the EU market.
It accomplishes this by establishing a thorough set of guidelines, technical standards, specifications, norms, and protocols that must be followed throughout the Union.
The new voluntary EUCC scheme enables ICT vendors to demonstrate proof of assurance by putting their products through a commonly recognized EU assessment procedure.
This approach certifies ICT goods, including hardware, software, and technological components like chips and smartcards.
The program is built around the tried-and-true SOG-IS Common Criteria assessment framework, which is currently in use in 17 EU Member States.
It proposes two levels of assurance, based on the degree of risk connected to the intended use of the product, service, or process in terms of the likelihood and consequence of an incident.
The complete plan has been customized to meet the requirements of the EU Member States through thorough research and consultation.
European enterprises can compete on a national, Union, and international scale thanks to the certification processes implemented throughout the Union.
Following ECCG's opinion, ENISA forwarded the draft scheme to the European Commission.
As a result, the European Commission issued an implementing act, which was later approved through the pertinent comitology procedure.
The enacted legislation anticipates a transitional period wherein firms will reap the advantages of current certifications obtained under national systems in a subset of Member States.
Conformity Assessment Bodies that are interested in evaluating against the EUCC can be accredited and notified. After evaluating their solutions against any updated or new standards outlined in the EUCC, vendors will be able to convert their current SOG-IS certificates into EUCC ones.
Other certificates
Two further cybersecurity certification programs, EUCS for cloud services and EU5G for 5G security, are presently being developed by ENISA. Additionally, the Agency is assisting the European Commission and Member States in developing a certification plan for the eIDAS/wallet and has conducted a feasibility assessment on EU cybersecurity certification standards for AI. A managed security services program is envisioned in a recent modification to the Cybersecurity Act proposed by the European Commission.
This Cyber News was published on www.cysecurity.news. Publication date: Tue, 06 Feb 2024 16:43:05 +0000