Image
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…
Featured publications
ENISA NIS360 2024
The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…
2024 Report on the State of the Cybersecurity in the Union
This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…
All publications
Assessment of ETSI TS 119 403-3 related to eIDAS
This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take place…
Secure Group Communications for incident response and operational communities
With a number of cybersecurity incidents and an attack surface that increase every day, spanning from large infrastructures to the end users, there is the need to improve operational cooperation, preparedness and information exchange by promoting…
Trust Services Security Incidents 2018 - Annual report
The annual report on Trust Services Security Incidents 2018 gives an aggregated overview of security breaches, showing root causes, statistics and trends. It marks the third round of security incident reporting for the EU’s trust services sector.…
ENISA CSIRT maturity assessment model
This is the updated version of the "Challenges for National CSIRTs in Europe in 2016: Study on CSIRT Maturity" published by ENISA in 2017. The study takes all relevant information sources into account, with a special emphasis on the NIS Directive,…
ENISA Maturity Evaluation Methodology for CSIRTs
This is the updated version of the "Study on CSIRT Maturity – Evaluation Process" published by ENISA in 2017. The new version (v.2) reflects values that are consistent with other documents and studies on CSIRT maturity.
Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents
One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
ENISA’s PETs Maturity Assessment Repository
The present report aims at detailing the outcomes of the project that aimed to promote the ENISA’s PETs repository (and underlying PETs maturity assessment methodology) by 1) Engaging the privacy community into its use, and 2) Providing a plan for…
Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation
The scope of this report is to explore the concept of pseudonymisation alongside different pseusonymisation techniques and their possible implementation. The report is part of ENISA's work in the area of privacy and data protection, which focuses on…
Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default
This report aims to shed some light on what the data-protection-by-default principle means in information technology design, what is the situation today, as well as how the new GDPR obligation could support controllers in selecting data-protection-…
Reinforcing trust and security in the area of electronic communications and online services
This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of…