Advancing Cybersecurity Certification Capabilities with Cross-border exchange and Enhancing (business) Flows

The EU Cyber Security Act

The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products, services and processes. 

The EU Cybersecurity Act introduces an EU-wide cybersecurity certification framework for ICT products, services and processes. Companies doing business in the EU will benefit from having to certify their ICT products, processes and services a single time before placing on the European market.

This project will facilitate the implementation of the Cybersecurity Act by building-up the internal capabilities of relevant bodies.  

Development of a comprehensive framework model for all stakeholders, interactions and flows will facilitate businesses that are active in the area of ICT to certify their products globally with the aim of elevating trust, technology and security and by extension the national economies. 

This project has been designed to directly meet the relevant requirements for the deployment of the Digital Service Infrastructure (DSI) defined in section 3.9 of the 2019-2020 Connecting Europe Facility (CEF) Telecom Work Programme “Support to cooperation and capacity building for cybersecurity certification in line with the Cybersecurity Act”. 

Objectives

This project has been designed to directly meet objectives of the CEF-TC-2020-2 call for proposals text, under Objective 4 – “Support to cooperation and capacity building for cybersecurity certification in line with the Cybersecurity Act”.  The following objectives have been identified and will be addressed:

- to leverage and extend the results being produced by the existing B4C Project (Action CEF 2019-EU-IA-0109),

- to build up the internal capabilities of the National Standards Authority of Ireland (NSAI), which is already an established CAB and is one of the candidates being considered for designation as NCCA in Ireland.

- to enhance the internal capabilities of all the consortium partners, through newly developed training material on cloud computing certification, and through practical application of the certification processes previously defined and developed at NSAI, with the conduct of related cloud computing pilot certifications.

- to (cross-border) exchange best practices and relevant information related to conformity assessment activities (including the entire ‘value chain’ of the European Cybersecurity Certification Framework), through structured bi-directional exchange between Cyprus and Ireland.

- to build a comprehensive reference model to directly support the full range of cybersecurity certification activities from A to Z, through the development of a comprehensive reference model for all stakeholders, interactions and flows as defined in the European Cybersecurity Certification Framework.

- to effectively disseminate the results of the proposed Action to a large number of stakeholders in the countries involved and also across Europe, through structured dissemination and communication activities in relevant working groups and other European fora.

Flow based electronic cybersecurity certification is a new approach among CABs and other Certification Process Stakeholders, however it is one that is recognised as being of high importance by them as they move towards the digital era and of online real time data exchange across entities located in various countries. This action aims to offer a ‘complete e-package reference model’ in the with respect to cybersecurity activities and capabilities, including the offering and management of cybersecurity certification across a range of products, services and processes. Through these activities, businesses that are active in the area of ICT will be able to certify their products, services and processes globally, with the aim of elevating the level of trust, technology and security (and by extension, the national economies).

 Activities