Calling on you, 5G Experts! Join us on 5G Cybersecurity Certification

Back to News

The European Union Agency for Cybersecurity (ENISA) launches a call for expression of interest today to create an Ad Hoc Working Group on 5G cybersecurity certification.

The European Union Agency for Cybersecurity received earlier this year the request from the European Commission to prepare a new candidate certification scheme on 5G. The call launched today is intended to set up an ad hoc working group on 5G cybersecurity certification meant to support the Agency for the purpose of preparing the new EU 5G certification scheme.

What are the specific requirements of the call?

The call for expression of interest will establish an ad hoc working group (AHWG) to support the preparation of the EU 5G scheme, and is intended to:

  • meet the CSA requirements, ensuring consistency with other schemes of the EU cybersecurity certification framework and is expected to explore the possibility to re-use the EU Common Criteria and EU Cloud Services schemes or parts thereof;
  • fit seamlessly with the suite of solutions for 5G security created by the NIS cooperation group (EU coordinated risk assessment, 5G threat landscape and the5G toolbox).

How does the call fit into the preparation programme of the EU 5G scheme?

The programme for the preparation of the EU 5G scheme consists of 2 phases.

Phase one intends to achieve the “as-is” translation of elements composing existing schemes into their EU equivalents. Phase two foresees the adding of enhancements and improvements designed to meet the EU cybersecurity requirements, which will eventually lead to the final drafting of the certification scheme.

This call concerns phase 1 with the option to either extend phase 1 or launch a new call for phase 2 of the AHWG. The decision on phase 2 will largely be defined by the results of the gap analysis, to be concluded at the end of phase 1.

In phase 1, the work of the AHWG will be subdivided into 3 work streams focusing on:

  1. “As-is” translation of existing scheme elements into an EU-equivalent of the GSMA NESAS scheme
  2. “As-is” translation of existing scheme elements into an EU-equivalent of the GSMA SAS-SM and SAS-UP schemes and GSMA’s eUICC certification scheme
  3. Risk-based definition of security and certification requirements for components that support the before mentioned use cases and gap analysis

Each work stream requires different skillsets, competences and expertise of individual 5G stakeholder representations.

Terms of reference

Download the Terms of Reference from the dedicated page - Ad-Hoc Working Group on 5G Cybersecurity Certification

Deadline for applications

The call will remain open until 7h July 2021 at 12:00 EET (Athens time zone).

Background

Adopted in 2019, the Cybersecurity Act established the European Cybersecurity Certification Framework that allows creating market-driven EU certification schemes and helps reduce fragmentation between existing cyber certification schemes. This framework will deliver certification schemes recognised in all Member States, making it easier for businesses to trade across borders and for users to understand the security features of the product or service. More information on the EU's actions including for the 5G toolbox, is available on this page.

Further Information:

Securing EU’s Vision on 5G: Cybersecurity Certification

ENISA website - Certification Topic

Report on the EU 5G Toolbox Implementation by Member States Published

EU toolbox for 5G security

ENISA Threat Landscape for 5G Networks Report

Cybersecurity Standardisation Conference

EU Cybersecurity Strategy for the Digital Decade

For press questions and interviews, please contact press (at) enisa.europa.eu