by Rasma Araby

atsec has recently participated in two conferences that focused on cybersecurity certification: the 2022 International Conference on the EU Cybersecurity Act in Brussels, Belgium, and ENISA Cybersecurity Certification Conference 2022 in Athens, Greece.

atsec contributed with two presentations at the EU Cybersecurity Conference“Successful cPP Certification under the CSA,”presented by Rasma Araby, and“A Scheme of Scheme – Challenges and opportunities for CSA schemes”presented by Staffan Persson. Also, Rasma Araby participated in the panel discussion regarding“Market Incentives for Certification”at the ENISA Cybersecurity Certification Conference.

Both conferences focused on the upcoming certification schemes being developed in Europe. Upon request of the European Commission (Article 48 (2) of the Cybersecurity Act (CSA)), ENISA is working on three cybersecurity certification schemes:

Both conferences discussed the need for standardization and certification and also focused on stakeholder requirements, applicable national and international legislations, as well as the threat landscape. The need for harmonized requirements and schemes was heavily underlined by the attending product vendors.

All three certification schemes are under development right now. It is expected the EUCC scheme will be completed and adopted first. For the legal implementation of the candidate EUCC scheme prepared by ENISA, the European Commission will adopt an implementing act, presumably at the end of 2022.

In the second part of this blog, we will continue reporting on the cybersecurity certification schemes in Europe and will solely focus on the EUCC scheme. Stay tuned!