Activities - Activity 3

Cross Border Exchange

Technical brief

Building internal capabilities is key to the successful implementation of the Cybersecurity Certification framework in EU member countries. Several activities of the A4CEF project supported internal capability building and cross border exchange between Ireland and Cyprus. A gap analysis was conducted, identifying requirements for NSAI to act as a CAB in the context of Cybersecurity Certifications. These requirements also contributed to the preparation of authorisation and accreditation processes, that have been discussed during workshops to exchange best practices between partners. However, these processes will require more input from the implementing acts and additional documentation (e.g., requirements for CABs) when they are published.

CAB Gap Analysis
 

What is this activity about?

The aim of this activity is to exchange information between stakeholders. NSAI will benefit from the results of the B4C project. DSA, KEP and RAL will learn from NSAI’s experiences in conformity assessment in relation to certification of cloud services.

What are the tasks involved?

  • Define CAB accreditation requirements from the B4C project requirements 

  • Preparation for the accreditation and authorization processes based on the results of the B4C project 

  • Series of demonstration activities aiming to share the experience in manual data entry in the context of paper-based systems and legacy IT systems designed to support certification processes

  • Providing insights on certification processes in Ireland specifically around cloud services. This will address knowledge gaps for other project stakeholders in the context of perceived risks, applicable security controls (e.g. human, IT, infrastructural, operational, vulnerability handling), market supervision/surveillance and regulatory compliance. A workshop will be conducted to discuss all stages of the certification process (i.e. Application process; Planning Process; Execution Process; Reporting; Certification decision). This will ensure a consistent approach is taken and ultimately support a fully functioning certification capability in Cyprus for cloud security certification schemes

  • Workshops to exchange ideas and best practices regarding the cybersecurity audits of CABs and vendors in their respective territories. This task will cover supervision of CAB cybersecurity schemes, enforcement of manufacturers’ obligations, complaints handling and incident management. A list of relevant recommendations will be generated for coherent, consistent, objective, and timely incident handling in accordance with regulatory requirements. 

What are the expected results?

  • Gap analysis for designated NCCA in Ireland providing a roadmap for development in respect of both the NCCA and CAB roles and functions. 

  • Demonstration, workshop reports and CAB audits checklist