WG1: Standardisation, certification and supply chain management
Mission & Objectives
- Support to the roll-out of EU ICT security certification framework and its priorities
- Recommendations on standards to support cybersecurity certification schemes
- Security assessment guidelines of components, systems and services
- Impact of security assessment along the supply / value chain in Europe for increased digital autonomy
- Cooperation with EU and international bodies on standardisation and certification
1. ECSO State Of The Art (SOTA) Syllabus gives an overview of the existing certification schemes and standards: products and components; ICT services; systems; vertical sectors; service providers and organisations; security professionals.
IMPACT: Providing a cartography in standardisation - currently under revision - new version coming soon!
2. ECSO Meta-scheme Approach helps to harmonise the minimum security requirements, define a unified leveling across verticals to enable comparability and equivalence of the levels of assurance, and provide a common way to define the scope and required security claim.
IMPACT: Used by the Council's HWP to find the Compromise Agreement. It can act as a methodological tool to structure the landscape, "glue" together the existing schemes and specify additional steps.
3. ECSO Assessment options explains how to benefit from the right mix of security assessments, and what constraints to be aware of.
IMPACT: It provides insights to organisations that are building their cybersecurity capabilities and need to choose how to assess security.
4. Relevant challenges and priorities for future EU certification schemes.
IMPACT: Work on understanding the needs to provide ENISA with common and/or specific industrial needs for definition of certification schemes on products, process and services.
5. Strategy to address market needs:
- Connected products: reduce time to market thanks to a composition approach. We focus on the inter-relationship of certified components, based on standards for a trusted supply chain and on product certification following the EU Cybersecurity Act.
- Systems and services dependencies: look at standards and best practices for processes and people. We work on understanding the needs and the current approaches for risk management and professional certifications.
Chairs of WG1: Mario Jardim (Schneider Electric), Philippe Jeanmart (Bureau Veritas), Mark Miller (Conceptivity)
The working group is segmented into the following sub-working groups:
- SWG1.1 Connected Components — Huawei, Ikerlan, Red Alert Labs
- SWG1.2 Digital Services and Systems — No chairs for the moment
Task Force for collaborations at EU level:
- ETSI and CEN/CENELEC (on standardisation): MoU signed for the definition of priorities for developing EU standards linked to certification
- ENISA (on certification)
- JRC for the IACS (IoT) pilot project
- ICT Standardisation Multi-Stakeholder
- 6/2017, WG1 MEMBERS - STATE OF THE ART SYLLABUS
- 12/2017, WG1 MEMBERS - STATE OF THE ART SYLLABUS (updated)
- 12/2017, WG1 MEMBERS - European Cyber Security Certification - A Meta-Scheme Approach
- 9/2019, WG1 MEMBERS - European Cyber Security Certification: Assessment Options
ECSO Secretariat: firstname.lastname@example.org