EU Standards Supporting Certification
The European Union Agency for Cybersecurity (‘ENISA’) published, on 4 February 2020, a report (‘the Report’) outlining frameworks, schemes and standards which can, in the future, become part of EU candidate cybersecurity certification schemes. In particular, the Report reflects on the current standards in the areas of Internet of Things, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records, and qualified trust services. In addition, the Report identifies and addresses potential gaps in the current cybersecurity certification schemes, and offers guidance on how to adapt the available standards to form the basis of future EU cybersecurity certification schemes.
This report explores five distinct areas, which have frameworks, schemes or standards that can potentially be evolved to EU candidate cybersecurity certification schemes. These five areas are Internet of Things (IoT), cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in the healthcare and qualified trust services.