This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side. It addresses MSS usage patterns, compliance and skills certification, threats, requirements, incidents and challenges…
Annual Report - Trust Services Security Incidents 2024
Every year national supervisory bodies must send annual summary reports about the notified breaches to ENISA and the…
EU Managed Security Services Certification to drive the cybersecurity market
Following the request of the European Commission for the development of a candidate certification scheme for Managed Security Services, the EU Agency for Cybersecurity (ENISA) launches a call for expression of interest to participate in the…
10th ENISA eHealth Security Conference
The EU Agency for Cybersecurity (ENISA) is organising the 10th eHealth Security Conference, in collaboration with the Romanian National Directorate for Cybersecurity (DNSC) and the European Cybersecurity Competence Centre (ECCC). The conference…
5G Security Controls Matrix
The ENISA 5G Security controls matrix is a comprehensive and dynamic matrix of security controls and best practices for 5G networks, to support the national authorities in the EU Member States with implementing the technical measures of the EU’s 5G…
Good Practices for Security of IoT - Secure Software Development Lifecycle
This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT…
Guideline on Security Measures under the EECC
This document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate…
Indispensable baseline security requirements for the procurement of secure ICT products and services
This short paper can be of use to suppliers and procurement officers when planning, offering and purchasing ICT products, systems and services. It is meant as a practical, technologically neutral document with clear, simple and sector-agnostic…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Telecom Security Incidents 2022
The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.