Image
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…
Featured publications
ENISA NIS360 2024
The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…
2024 Report on the State of the Cybersecurity in the Union
This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…
All publications
PSIRT Expertise and Capabilities Development
This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7…
Recommendations for the security of CAM
The aim of this report is to provide a high-level overview of the cybersecurity challenges in the CAM sector and to highlight both the concerned CAM actors and associated recommendations. Cybersecurity in the CAM ecosystem is partially standardised…
Post-Quantum Cryptography: Current state and quantum mitigation
This study provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC). It presents the 5 main families of PQ algorithms; viz. code-based, isogeny-based, hash-based, lattice-based and…
Security Framework for Qualified Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…
Security Framework for Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Recommendations for Qualified Trust Service Providers based on Standards
This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for their…
Remote ID Proofing
This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides…
Conformity Assessment of Qualified Trust Service Providers
This document provides an overview of the conformity assessment framework for QTSPs as set out in the eIDAS Regulation, i.e. aiming to confirm that the assessed QTSP/QTS fulfils its requirements. This report discusses the typical process flow and…
EU Cybersecurity Initiatives in the Finance Sector
The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders run…
Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies
This report aims to increase the understanding
of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components,
and illustrate their use by pointing to…