Discover our working group
This Working Group brings together certifiers, test labs, component manufacturers, system integrators, service providers, national public administrations, RTOs, etc. to contribute to activities for pre-standardisation and to support the development and use of trusted European certified solutions across the supply chain and the various sectors.
Mission & Objectives
The mission of this WG is to support the roll-out of EU ICT security certification schemes, standards and legislative recommendations, and to ensure the establishment of trusted and resilient supply chains in Europe. Some of the objectives are:
- Understand the challenges of the industry in using standards and certification schemes.
- Understand the needs of the market to identify the gaps in standardisation and propose a roadmap for priorities.
- Define methodologies and approaches to facilitate and support the use of certification schemes.
- Provide guidelines & recommendations on European legislation and policy initiatives.
Ongoing work
- Continue and strengthen collaborations with ENISA, EC, European SDOs and other relevant stakeholders.
- Support policy implementation: link with DEP priorities describing challenges and plan for the future. Development of capabilities.
- Address the challenges for a trusted supply chain and management of the risks.
- Identify the challenges for SMEs in using certification schemes and define guidelines / best practices.
- Study and explain system and service lifecycle and associated risk management.
- Focus on the technical details of the composition approach: the operational phase (e.g. vulnerability and patch management) of the composed product and expectations for product composition. Link with first EU certification schemes.
Our achievements

Guidelines & recommendations on certification policies and standards
- Publications: Meta-scheme approach (supported the Council for the discussions leading to the creation of a European Cybersecurity Certification Framework) and Challenges ahead for the roll-out of the Cybersecurity Act.
- Mapping of cybersecurity standards and certification schemes (SOTA)
- Mapping of industrial needs for certification (COTI)
- Analysis of best practices for security assessment of products, systems and services and business constraints
- Product certification “composition”, underlining the principles and practical aspects of reusing evidence in certification (‘composition’) and reducing the time to market (a second version is under definition).
- System lifecycle and associated risk management: awareness about system security and considerations about system security compliance and certification (under definition)

Cooperation with ESOs, EC and EU Agencies
ECSO has positioned itself as a key actor in the European standardisation and certification institutional landscape. Thanks to its constituency and accumulated expertise, it has gained recognition and is frequently solicited by EU Institutions for recommendations and advice.