European Union Agency for Network and Information Security
ENISA activities in ICT security certification
Dr. Prokopios Drogkaris | NIS Expert
NLO Meeting | Athens | 30.01.2018
What are these symbols anyway?
By affixing the CE marking to a product, a manufacturer declares that the product meets all the legal requirements for CE marking and can be sold throughout the European Economic Area.
ENISA activities in ICT Security Certification | P. Drogkaris
Background
• Defining Certification
“formal evaluation of products, services and processes by an independent and accredited body against a defined set of criteria standards and the issuing of a certificate indicating conformance”*
• Security certification of products has traditionally been dominated by Common Criteria
• Within the EU
- SOG-IS MRA is the dominant player in Common Criteria certification
- Multiple national and sectoral initiatives focus on security certification
* EC COM(2017) 477 final
** http://ec.europa.eu/newsroom/document.cfm?doc_id=46999
ICT security certification within EU policy context
• EU Cybersecurity Strategy
• Digital Single Market Strategy
• Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry
• Network and Information Security Directive
• General Data Protection Regulation
• Proposal for a Regulation on Privacy and Electronic Communications
• eIDAS Regulation
• Payment Services Directive 2
• Cybersecurity Act Proposal
Features of an EU framework
• Avoid fragmentation caused by national ICT security certification initiatives
• Promote mutual recognition
• Simplify procedures, reduce the time and cost of deployment of IT products and services
• Improve competitiveness and quality of European products and services
• Give users more confidence in the ICT products and services they purchase
[Diagram: Member States, Industry, ICT Security Certification Producers, ICT Security Certification Consumers, ECIL Group]
ENISA Activities
• Stocktaking on the development of a European ICT security certification and labelling framework
• Imprint of the European ICT security certification laboratories landscape
• Supporting policy discussions, engagement and dialogue with stakeholders
• Establishing working relations with industry working groups
• Towards an EU framework based on existing schemes and responding to emerging lightweight requirements
Draft Cybersecurity Act: Provisions on certification
Proposed certification framework
• Voluntary European cybersecurity certification framework
• Enabling the creation of individual EU certification schemes for ICT products and services that are valid across the EU
• Each scheme will specify:
- Scope, evaluation criteria, assurance level, security requirements and rules for monitoring compliance
• European Cybersecurity Certification Group (ECCG)
• National Certification Supervisory Authorities
• European Commission
• ENISA
Framework overview
Envisaged ENISA tasks in a nutshell
• Support and promote the development and implementation of the Union policy on cybersecurity certification of ICT products and services
- Preparing candidate European cybersecurity certification schemes for ICT products and services
• Provide Secretariat assistance to the European Cybersecurity Certification Group
• Compile and publish guidelines and develop good practices concerning the cybersecurity requirements of ICT products and services
• Facilitate the establishment and take-up of European and international standards for risk management and for the security of ICT products and services
• Perform and disseminate regular analyses of the main trends in the cybersecurity market, on both the demand and supply sides
• Support the European Cybersecurity Certification Group
PO Box 1309, 710 01 Heraklion, Greece
Tel: +30 28 14 40 9710
www.enisa.europa.eu
Thank you