CALL FOR APPLICATIONS FOR THE SELECTION OF MEMBERS OF THE STAKEHOLDERS CYBERSECURITY CERTIFICATION GROUP
The European Commission has launched a call for applications to select the members of the Stakeholder Cybersecurity Certification Group (SCCG).
The Stakeholder Cybersecurity Certification Group will be chiefly responsible for advising the Commission and ENISA on strategic issues regarding cybersecurity certification, and assisting the Commission in the preparation of the Union rolling work programme.
The call is open to academic institutions, consumer organisations, conformity assessment bodies, standard developing organisations, companies, trade associations and other membership organisations.
Securing network and information systems in the European Union is essential to keep the economy running, to ensure prosperity and to protect against incidents, which can harm European citizens and business, and damage consumer trust in digital technologies
To address this challenge, the Commission adopted on 13 September 2017 a wide-ranging set of measures aimed at strengthening cybersecurity, including the proposal for a Cybersecurity Act ('the Act') 1 , which entered into force on 27 June 2019. The Act establishes an EU-wide voluntary cybersecurity certification framework.
In order to establish and preserve trust and security, Information and Communication Technologies (ICT) products, services and processes need to directly incorporate security features in the early stages of their technical design and development (security by design). Moreover, customers and users need to be able to ascertain the level of security assurance of the products and services they procure or purchase.
Certification, which consists of the formal evaluation of products, services and processes by an independent and accredited body against a defined set of criteria and standards and the issuing of a certificate indicating conformance, plays an important role in increasing trust and security in products and services. While security evaluations are quite a technical area, certification serves the purpose to inform and reassure purchasers and users about the security properties of ICT products and services. This is particularly relevant for new systems that make extensive use of digital technologies and which require a high level of security, such as e.g. connected and automated cars, electronic health, industrial automation control systems (IACS) or smart grids.
As set out in the Cybersecurity Act, the cybersecurity certification framework lays down the procedure for the creation of EU-wide cybersecurity certification schemes, covering ICT products, services and processes. Each scheme will specify one or more levels of assurance (basic, substantial and high), depending on the risk associated with the intended use of the product, service or process object of the scheme.
For more information click "LINK TO ORIGINAL" below.