Publications

Featured publications

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

2024 Report on the State of the Cybersecurity in the Union

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

All publications

Publish Date

Standards and tools for exchange and processing of actionable information

This document has been created as part of an ENISA-funded study of the state of security information sharing and is intended to supplement the main report, “Actionable Information for Security Incident Response.” The purpose of this document is to…

Actionable information for security incident response

This document is intended as a good practice guide for the exchange and processing of actionable information. The report is relevant to incident response in all types of organizations, the primary audience of this study isnational and governmental…

Network and Information Security in the Finance Sector

Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of…

Threat Landscape of Internet Infrastructure

This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources (…

Privacy and Data Protection by Design

This report contributes to bridging the gap between the legal framework and the available technolog-ical implementation measures by providing an inventory of existing approaches, privacy design strat-egies, and technical building blocks of various…

Smart Grid Security Certification in Europe

The report describes the need for harmonised European smart grid certification practices which cover the complete smart grid supply chain, and are supported by a European platform based on M/490 SGAM1 (Smart Grid Architecture Model) and the concept…

Protection of Underground Electronic Communications Infrastructure

This document aims to provide recommendations to Member States (MS) that wish to protect their underground electronic communications infrastructure against disruption due to civil works. This document shall help MS to assess their need to deploy an…

Secure ICT Procurement in Electronic Communications

The report, “Secure ICT Procurement in Electronic Communications”, focuses on the growing dependency of electronic communications service providers on ICT products and outsourced services, it analyses security risks associated with third party ICT…

Security Guide for ICT Procurement

The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide maps security risks…

Impact Analysis and Roadmap

This report represents the outcome of an impact assessment of ENISA’s support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020. The key…