WG1: Standardisation, certification and supply chain management

Mission & Objectives

The working group addresses the following issues: 
  1. EU ICT security certification framework and its priorities
  2. Standards to support cybersecurity certification schemes
  3. Security assessment of components, systems and services
  4. Testing and validation of the supply / value chain in Europe for increased digital autonomy
  5. Cooperation with EU bodies


Activities

1. SOTA - COTI reports. SOTA: State of the Art in Europe on certification for the different products and services; COTI: needs from industry for future certification.
IMPACT: Better common understanding of the situation and needs, to prepare future priorities

2. Meta-scheme: input to the Cybersecurity Act. Tool for qualitative market analysis to define focused initiatives and promote EU solutions as methodology for the European Certification Framework.
IMPACT: Used by the Council’s HWP to find the Compromise Agreement. Methodology to harmonise the minimum security requirements, supports scalable common structure and re-use across verticals

3. Analysis of best practices for security assessment of products, systems and services and business constraints
IMPACT: better definition of certification procedures, explaining how to benefit from the right mix of security assessments, and what constraints to be aware of

4. Priorities for future EU certification schemes (under development). Suggestions to ENISA. ECSO requested participation at the SCCG - Stakeholder Cybersecurity Certification Group
IMPACT: Provide ENISA with common priorities and industrial needs for definition of certification schemes on products, process and services

5. Connected components: implementation speed and harmonisation: composability (inter-relationships of used components for trusted supply chain) approach for standards and certification

6. Systems and services: standards and best practices for processes: Understanding the needs, approaches for risk management


Segmentation

Chairs of WG1: Eric Vetillard (Eurosmart / NXP), Mario Jardim (Schneider Electric), Martin Schaffer (SGS)

The working group is segmented into the following sub-working groups:

  • SWG1.1 Self-assessment — Chairs: Philips
  • SWG1.2 Third party assessment — Chairs: RedAlertLabs
  • SWG1.3 Base layer — Chairs: Conceptivity, Secura, UL

Collaboration

Task Force for collaborations at EU level: ETSI and CEN/CENELEC (on standardisation) – MoU signed for definition of priorities for developing EU standards in particular linked to certification; ENISA (on certification); JRC for the IACS (IoT) pilot project; ICT Standardisation Multi-Stakeholder Platform

Publications

  • 6/2017, WG1 MEMBERS - STATE OF THE ART SYLLABUS
  • 12/2017, WG1 MEMBERS - STATE OF THE ART SYLLABUS updated
  • 12/2017, WG1 MEMBERS - European Cyber Security Certification - A Meta-Scheme Approach
  • 9/2019, WG1 MEMBERS - European Cyber Security Certification: Assessment Options

Contact

ECSO Secretariat: wg1_secretariat@ecs-org.eu

