Cybersecurity Act
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – ENISA (THE EUROPEAN UNION AGENCY FOR CYBERSECURITY)
Chapter III – CYBERSECURITY CERTIFICATION FRAMEWORK
Chapter IV – FINAL PROVISIONS
Recitals (110)
Annexes
Recital 87
(87) A European cybersecurity certification scheme might specify several evaluation levels depending on the rigour and depth of the evaluation methodology used. Evaluation levels should correspond to one of the assurance levels and should be associated with an appropriate combination of assurance components. For all assurance levels, the ICT product, ICT service or ICT process should contain a number of secure functions, as specified by the scheme, which may include: a secure out-of-the-box configuration, a signed code, secure update and exploit mitigations and full stack or heap memory protections. Those functions should have been developed, and be maintained, using security-focused development approaches and associated tools to ensure that effective software and hardware mechanisms are reliably incorporated.