Good practices on the implementation of regulatory technical standards
MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
IoT Security Standards Gap Analysis
This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.
Towards global acceptance of eIDAS audits
The goal of the study is to explore the eIDAS Conformity Assessment Report (CAR), the corresponding audit requirements, gaps arising from comparison with competing audit schemes, and the emergent issues at the core of the global conversation between…
State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities
The purpose of this report is to provide insight into both the opportunities and the limitations that the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary
This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects…
Cyber Europe 2018 - After Action Report
ENISA has compiled all the information gathered during the exercise and produced an after-action report, identifying challenges and main takeaways, and making useful recommendations for the participants.
Analysis of the European R&D priorities in cybersecurity
The present document provides a series of recommendations for the priorities in the EU for R&D in the domain of ICT security made after analysis of a wide series of interviews with domain experts. The proposed research priorities have the aim to…
Assessment of Standards related to eIDAS
In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419 241…
Economics of Vulnerability Disclosure
Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…
Guideline on assessing security measures in the context of Article 3(3) of the Open Internet regulation
This guideline concerns the security exceptions in the EU net neutrality rules. It offers a checklist and an evaluation form to help NRAs in deciding whether or not a provider is allowed to take a security measure, for example blocking certain…