Publications

Featured publications

ENISA Threat Landscape 2025

Download

Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…

NIS2 Technical Implementation Guidance

Download

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

Download

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

All publications

By topics

By type

Publish Date

5G Cybersecurity Standards

This report outlines the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. This report focuses on standardisation from a technical and organisational perspective.
Private Sector

Risk Management Standards

The purpose of this document is to provide a coherent overview of published standards that address aspects of risk management and subsequently describe methodologies and tools that can be used to conform with or implement these standards.
National / EU authoritiesPrivate Sector

Cyber Threats Outreach In Telecom

In this paper, we aim to give guidance to national Authorities and providers of electronic communications networks and services regarding how to strike the right balance and carry out efficient and effective outreach to users about cyber threats.
National / EU authoritiesPrivate Sector
zoning and conduits for railways

Zoning and Conduits for Railways

This document gives guidance on building zones and conduits for a railway system. To do so, first the methodology is described. This approach is based on the recently published CENELEC Technical Specification 50701 (CLC/CLC/TS 50701:2021).

Private Sector
nfv security in 5g challenges and best practices

NFV Security in 5G - Challenges and Best Practices

In this report explores relevant challenges, vulnerabilities and attacks to the Network Function Virtualization (NFV) within the 5G network. NFV changes the network security environment due to resource pools based on cloud computing and open network…
Private Sector

Boosting your Organisation's Cyber Resilience - Joint Publication

ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices.
National / EU authoritiesPrivate Sector

Security and Privacy for public DNS Resolvers

Domain Name System (DNS) resolution is a hierarchical distributed system of protocols and systems, whose main purpose is to map the human friendly domain names, such as www.example.com, to machine readable IP…
Private Sector

Data Protection Engineering

Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data…
Private Sector

Digital Identity: Leveraging the SSI Concept to Build Trust

The maintenance of continuity in social life, businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity. This report explores the potential of self-sovereign identity (SSI)…
Private Sector

Remote Identity Proofing - Attacks & Countermeasures

Remote identity proofing is a crucial element in creating trust for digital services. The present study analyses the collection and validation of evidence provided by the applicant to complete the verification of his or her identity. More…
Private Sector