Good practices on the implementation of regulatory technical standards
MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
Good practices on interdependencies between OES and DSPs
This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Signalling Security in Telecom SS7/Diameter/5G
The present study has deep dived into a critical area within electronic communications, the security of interconnections in electronic communications (signalling security). Based on the analysis, at this moment there is a medium to high level of…
Mapping of OES Security Requirements to Specific Sectors
The current report provides a substantial and comprehensive mapping of the security requirements for OES, as they have been agreed in the NISD Cooperation Group, to sector specific information security standards. ENISA conducted desktop research on…
Stock taking of information security training needs in critical sectors
The primary objective of this project is to provide a mapping of ENISA’s training program and a strategy to adapt it in the light of the recently adopted EU NIS Directive, catering for the needs of the identified critical sectors.
Incident notification for DSPs in the context of the NIS Directive
This report provides preliminary guidelines on how incident notification provisions for Digital Service Providers could be effectively implemented across the EU. Based on valuable input from Member States and companies directly impacted by the…
Technical Guidelines for the implementation of minimum security measures for Digital Service Providers
ENISA has issued this report to assist Member States and DSPs in providing a common approach regarding the security measures for DSPs. This particular initiative has been achieved by examining current information and network security practices for…
Report on Cyber Security Information Sharing in the Energy Sector
The purpose of this report is to understand and learn the development of CSIRTs, ISACs, as well as relevant initiatives on information sharing on cyber security incidents in the energy sector by focusing on the subsectors identified in the NIS…
Communication network dependencies for ICS/SCADA Systems
ENISA is continuing the work on communication network dependencies in industrial infrastructures, focusing in this case on ICS/SCADA systems and networks. The main objective is to provide insight into the communication network interdependencies…