Cybersecurity Act
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Chapter IV – FINAL PROVISIONS
Recitals (110)
Annexes
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Article 51a
Security objectives of European cybersecurity certification schemes for managed security services
A European cybersecurity certification scheme for managed security services shall be designed to achieve, as applicable, at least the following security objectives:
(a) that the managed security services are provided with the requisite competence, expertise and experience, including that the staff tasked with providing those services have a sufficient and appropriate level of technical knowledge and competence in the specific field, sufficient and appropriate experience, and the highest degree of professional integrity;
(b) that the provider has appropriate internal procedures in place to ensure that the managed security services are provided at a sufficient and appropriate level of quality at all times;
(c) that data accessed, stored, transmitted or otherwise processed in relation to the provision of managed security services are protected against accidental or unauthorised access, storage, disclosure, destruction, other processing, or loss or alteration or lack of availability;
(d) that the availability of, and access to, data, services and functions is restored in a timely manner in the event of a physical or technical incident;
(e) that authorised persons, programs or machines are able to access only the data, services or functions to which their access rights refer;
(f) that a record is kept and is available for assessment, of the data, services or functions that have been accessed, used or otherwise processed, at what times and by whom;
(g) that the ICT products, ICT services and ICT processes deployed in the provision of the managed security services are secure by design and by default and, where applicable, include the latest security updates and do not contain publicly known vulnerabilities.
Related Recitals
Recitals providing context for this provision
No related recitals identified yet.