Security and Resilience in Governmental Clouds
Cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency. Understanding and managing risks related to the adoption and…
Navigating cybersecurity investments in the time of NIS 2
The latest report of the European Union Agency for Cybersecurity (ENISA) aims to support policy makers in assessing the impact of the current EU cybersecurity framework, and particularly the NIS 2 Directive, on cybersecurity investments and the…
Indispensable baseline security requirements for the procurement of secure ICT products and services
This short paper can be of use to suppliers and procurement officers when planning, offering and purchasing ICT products, systems and services. It is meant as a practical, technologically neutral document with clear, simple and sector-agnostic…
Auditing Framework for TSPs
This report provides an overview of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site),…
Remote ID Proofing
This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides…
Stock taking of security requirements set by different legal frameworks on OES and DSPs
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Trusted e-ID Infrastructures and services in the EU - Recommendations for Trusted Provision of e-Government services
Under the scope of the the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic…
How to achieve the Interoperability of EU Risk Management Frameworks
The European Union Agency for Cybersecurity (ENISA) issues an analysis of the interoperability potential of cybersecurity risk management frameworks and methodologies to improve decision-making.
Asking for your feedback: ENISA technical guidance for the cybersecurity measures of the NIS2 Implementing Act
We are inviting industry stakeholders to provide comments on the technical guidance for the NIS2 implementing act on cybersecurity measures for critical entities in the digital infrastructure sector.
IT Risk Management is essential
Visual Tool Ensures Regulatory Compliance and Effective Implementation of Corporate Risk Management Requirements
ENISA develops graphical framework illustrating the integration of Risk Management/Risk Assessment into corporate operational processes