Security Framework for Trust Service Providers


Publication date: March 11, 2021

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSPs on: 1) Risk management related to the security of the eIDAS trust services, based on the general approach of ISO/IEC 27005; 2) Security incident management, using the appropriate measures to efficiently detect, measure the impact of, respond to, report, and recover from security incidents as part of the eIDAS Regulation; 3) Security measures recommended to TSPs from “technical” standards and best practices to treat the risks and contribute to security incident management. The level of security of these measures is to be selected by the TSP so that it is commensurate with the degree of risk bound to the context of the TSP (determined during the “context establishment”).