Image
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…
Featured publications
ENISA NIS360 2024
The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…
2024 Report on the State of the Cybersecurity in the Union
This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…
All publications
Managed Security Services Market Analysis
This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side. It addresses MSS usage patterns, compliance and skills certification, threats, requirements, incidents and challenges…
Cyber Resilience Act Requirements Standards Mapping - Joint Research Centre & ENISA Joint Analysis
To facilitate adoption of the CRA provisions, these requirements need to be translated into the form of harmonised standards, with which manufacturers can comply. In support of the standardisation effort, this study attempt to identify the most…
Cybersecurity of AI and Standardisation
The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in…
Interoperable EU Risk Management Toolbox
This document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information security RM methods. The toolbox aims to facilitate the smooth integration of various RM methods in an…
Interoperable EU Risk Management Framework
This report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents related results. The methodology used to evaluate interoperability stemmed from extensive research of…
Risk Management Standards
The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.
5G Cybersecurity Standards
This report outlines the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. This report focuses on standardisation from a technical and organisational perspective.
Compendium of Risk Management Frameworks with Potential Interoperability
This report presents the results of desktop research and the analysis of currently used
cybersecurity Risk Management (RM) frameworks and methodologies with the potential
for interoperability. The identification of the most prominent RM frameworks…
Methodology for Sectoral Cybersecurity Assessments
The methodology for sectoral cybersecurity assessments described in this document (called SCSA Methodology) addresses objectives in the context of ICT security for sectoral multi-stakeholder systems and drafting sectoral cybersecurity certification…
Cybersecurity Certification: Candidate EUCC Scheme V1.1.1
Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…