Cybersecurity Act
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Chapter IV – FINAL PROVISIONS
Recitals (110)
Annexes
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Article 8
Market, cybersecurity certification, and standardisation
1. ENISA shall support and promote the development and implementation of Union policy on the cybersecurity certification of ICT products, ICT services, ICT processes and managed security services, as established in Title III of this Regulation, by:
(a) monitoring developments, on an ongoing basis, in related areas of standardisation and recommending appropriate technical specifications for use in the development of European cybersecurity certification schemes pursuant to point (c) of where standards are not available;
(b) preparing candidate European cybersecurity certification schemes (candidate schemes) for ICT products, ICT services, ICT processes and managed security services in accordance with ;
(c) evaluating adopted European cybersecurity certification schemes in accordance with ;
(d) participating in peer reviews pursuant to ;
(e) assisting the Commission in providing the secretariat of the ECCG pursuant to .
2. ENISA shall provide the secretariat of the Stakeholder Cybersecurity Certification Group pursuant to .
3. ENISA shall compile and publish guidelines and develop good practices, concerning the cybersecurity requirements for ICT products, ICT services, ICT processes and managed security services, in cooperation with national cybersecurity certification authorities and industry in a formal, structured and transparent way.
4. ENISA shall contribute to capacity-building related to evaluation and certification processes by compiling and issuing guidelines as well as by providing support to Member States at their request.
5. ENISA shall facilitate the establishment and take-up of European and international standards for risk management and for the security of ICT products, ICT services, ICT processes and managed security services.
6. ENISA shall draw up, in collaboration with Member States and industry, advice and guidelines regarding the technical areas related to the security requirements for operators of essential services and digital service providers, as well as regarding already existing standards, including Member States’ national standards, pursuant to Article 19(2) of .
7. ENISA shall perform and disseminate regular analyses of the main trends in the cybersecurity market on both the demand and supply sides, with a view to fostering the cybersecurity market in the Union.
Related Recitals
Recitals providing context for this provision