
Recommendation number: 17042020p1


🔘 Book page to download: enisa.europa.eu/publications/recommendations-for-european-standardisation-in-relation-to-csa-i/at_download/fullReport


Summary

The document presents the value of cybersecurity standardisation efforts for certification and the roles and responsibilities of Standards Developing Organisations (SDOs) in this context, and discusses various ways in which standardisation can efficiently support the creation of certification schemes by following a step-by-step methodology. The methodology described in this study can be used as guidelines by authors of new certification schemes or standards. It will help set up KPIs that are useful for all stakeholders involved in the preparation or operational phase of a certification scheme. The qualification system proposed can also be used to define more precisely the requirements associated with the different assurance levels mentioned in Article 52 of the Cybersecurity Act. With regard to standardisation activities, the study proposes a set of recommendations for the Standards Developing Organisations and the prospective authors of certification schemes.

Chapters

  • INTRODUCTION
  • THE SCOPE AND VALUE OF CYBERSECURITY STANDARDISATION
  • THE DOMAINS OF STANDARDISATION
  • THE BENEFITS OF STANDARDISATION
  • THE ROLE OF STANDARDISATION BODIES
  • ASPECTS OF STANDARDISATION BODIES
  • International level SDOs
  • The EU level
  • Ad hoc standardisation bodies
  • Transposition of standards
  • Overlaps in standards
  • STANDARDISATION BODIES INVOLVED IN CYBERSECURITY
  • CYBERSECURITY CERTIFICATION SCHEMES
  • OBJECTIVES AND PURPOSE OF THE CERTIFICATION SCHEMES
  • CYBERSECURITY CERTIFICATION SCHEME OWNER
  • CORE COMPONENTS OF A CYBERSECURITY CERTIFICATION SCHEME
  • Technical Specification of Security Requirements for the ICT product, process or service
  • Assessment Methodology
  • Specification of requirements for Conformity Assessment
  • STANDARDISATION IN SUPPORT OF CYBERSECURITY CERTIFICATION
  • STEPS DEFINING A NEW CERTIFICATION SCHEME
  • Stage 1. Definition of the security objectives
  • Stage 2. Identification of the relevant standards in place
  • Stage 3. GAP Analysis.
  • Stage 4. Preparation of the final set of documentation with missing requirements
  • Stage 5. Validation and formal adoption of the Certification Scheme.
  • CONCLUSIONS AND RECOMMENDATIONS
  • A ANNEX: QUALIFICATION SYSTEM FOR CYBERSECURITY CERTIFICATION SCHEMES
  • B ANNEX: CLASSIFICATION SYSTEM FOR CYBERSECURITY CERTIFICATION SCHEMES
  • C ANNEX: EU CYBERSECURITY ACT – ARTICLE 54: ELEMENTS OF EUROPEAN CYBERSECURITY CERTIFICATION SCHEMES
  • D ANNEX: TERMS AND DEFINITIONS

Author

[Unofficial biography. For informational purposes only]

ENISA (European Union Agency for Cybersecurity)

The European Union Agency for Cybersecurity (ENISA) has been working to make Europe cyber secure since 2004. The Agency is located in Athens, Greece, and has a second office in Heraklion, Greece. It provides recommendations on cybersecurity, supports policy development and its implementation, and collaborates with operational teams throughout Europe. ENISA contributes to securing Europe’s information society by raising awareness and by developing and promoting a culture of network and information security in society, thus contributing to the proper functioning of the internal market. The Agency works closely with Member States and the private sector to deliver advice and solutions as well as to improve their capabilities. This support includes, inter alia: the pan-European Cybersecurity Exercises, the development and evaluation of National Cybersecurity Strategies, CSIRT cooperation and capacity building, studies on IoT and smart infrastructures, addressing data protection issues, privacy-enhancing technologies and privacy in emerging technologies, eIDs and trust services, identifying the cyber threat landscape, and others. (Source: enisa.europa.eu)


Please thank ENISA (European Union Agency for Cybersecurity)


Thank you very much for this work to @enisa_eu, via @States_AI_IA #endorsement #standars #Cybersecurity #recommendations #healthcare #certification #ICT #ai #artificialintelligence #ia #thebibleai #security