State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities
The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
EUCS – Cloud Services Scheme
This publication is a draft version of the EUCS candidate scheme (European Cybersecurity Certification Scheme for Cloud Services), which looks into the certification of the cybersecurity of cloud services. In accordance with Article 48.2 of the…
Standards flying: improving the recognition of ICT security standards
ENISA publishes a report that provides an assessment on the maturity of the implementation of the European Cyber Security Standardisation activities in the EU Member States with respect to the NIS Directive.
Cyber Security and Resilience of smart cars
The objective of this study is to identify good practices that ensure the security of smart cars against cyber threats, with the particularity that smart cars’ security shall also guarantee safety. The study lists the sensitive assets present in…
Privacy standards for information security
Over the last decade, there has been a significant development of privacy standards, which aim at contributing to the integration of privacy requirements into information processes, systems and services.
Assessment of Standards related to eIDAS
The eIDAS Regulation (EU) No 910/2014, lays down requirements for qualified electronic signature creation devices (QSCD) to ensure the functionality of advanced electronic signatures and seals. In the specific context of QSCD however, security…
Cybersecurity of AI and Standardisation
The overall objective of the present document is to provide an overview of standards (existing, being drafted, under consideration and planned) related to the cybersecurity of artificial intelligence (AI), assess their coverage and identify gaps in…
Railway Cybersecurity - Good Practices in Cyber Risk Management
This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust…
Recommendations for the security of CAM
The aim of this report is to provide a high-level overview of the cybersecurity challenges in the CAM sector and to highlight both the concerned CAM actors and associated recommendations. Cybersecurity in the CAM ecosystem is partially standardised…
Security Framework for Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…