Recommendations for technical implementation of the eIDAS Regulation
The present report aims to propose ways in which the eIDAS assessment regime can be strengthened based on the current regime of the eIDAS Regulation, the stakeholders’ concerns and the legitimate need to move towards a more harmonised approach with…
Incident Reporting for Cloud Computing
The proposed NIS Directive mentions cloud computing explicitly. This is not surprising. Cloud infrastructures play an increasingly important role in the digital society. A large part of the EU’s Digital Agenda is the European cloud strategy which…
Algorithms, Key Sizes and Parameters Report - 2013
This document collates a series of recommendations for algorithms, keysizes, and parameter recommendations. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to…
Considerations on ICT security certification in EU - Survey Report
Over the last years, ENISA has engaged in a number of activities in pursuit of supporting the Commission and the Member States in identifying a way forward on the certification of ICT security products and services, which on the one hand seeks to…
Electronic evidence - a basic guide for First Responders
This report is a continuation of the work done by ENISA in the field of good practices for CSIRTs and LEAs in the fight against cybercrime. It aims at providing a guide for first responders, with a special emphasis in evidence gathering. It aims at…
A Good Practice Collection for CERTs on the Directive on attacks against information systems
This Good Practice Collection was produced at the initiative of ENISA in the context of its support activities to ensure the efficient functioning of CSIRTs and their cooperation with Law Enforcement Agencies (LEAs) in the face of a new development…
Be Aware, Be Secure. Synthesis of the results of the first European Cyber Security Month
The report provides a synthesis of the results of the European Cyber Security Month (ECSM) which took place as a pilot project across Europe throughout last October 2012. The report gives an overview of the security-related weeks organised at…
Public Consultation on the draft Candidate EUCC Scheme
This report presents the outcome of the public consultation on the first draft of the cybersecurity certification candidate EUCC scheme. The scheme was developed following the request from the European Commission in accordance with Article 48.2 of…
Recommendations for QTSPs based on Standards - Technical guidelines on trust services
Following the publication of the eIDAS Regulation, a set of secondary and co-regulatory acts had to be published in order to provide technical guidance on how to implement the specific requirements of the eIDAS Regulation (in the TSP part of…
Flash Note: Large scale UDP attacks - the 2014 trend and how to face it
Recent news show the increase of large scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows synchronizing devices to the coordinated universal time (UTC…