Risk Management Standards
The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.
Improving recognition of ICT security standards
This report is a continuation and an extension of previously carried out ENISA work on approaches to the NIS Directive by Member States, which have provided recommendations on standardisation and have outlined the use and management of CSIRTs.
Standardisation in support of the Cybersecurity Certification
The document presents the value of the cybersecurity standardisation efforts for certification, the roles and responsibilities of Standards Developing Organisations (SDOs) in this context, and discusses various ways how standardisation can support…
Guidance and gaps analysis for European standardisation
This study aims to a) explore how the standards-developing world is responding to the fast-changing, demanding realm of privacy by mapping existing available standards and initiatives in the area and b) provide insights on the “state-of-the-art” of…
Cybersecurity Certification: Candidate EUCC Scheme
Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…
Gaps in NIS standardisation - Recommendations for improving NIS in EU standardisation policy
This report recommends that the European Commission, with the support of the Member States, pursuant to the NIS Directive, adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of…
Challenges of security certification in emerging ICT environments
This report aims to provide decision makers with a thorough description of the security certification status concerning the most impactful equipment in five different critical business sectors. Results of this study should help to improve and…
Market of Cybersecurity Assessments
This Report aims at presenting the current state of play of cybersecurity assessments of ICT products and cloud services. In order to study the dynamic of the related market, the report focuses on the evolution of the number of assessed ICT…
EUCS – Cloud Services Scheme
This publication is a draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services), which looks into the certification of the cybersecurity of cloud services. In accordance with Article 48.2 of the…
Cybersecurity Certification: Candidate EUCC Scheme V1.1.1
Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…