CyberPass deciphers product cybersecurity certificates/labels and generates the cybersecurity conformity and assurance of connected products.
ICT/IoT PRODUCTS SECURITY CERTIFICATION
This platform is intended to guide you through your ICT product security certification under National, European or International regulations.
CyberPass is a cost-effective and scalable solution that helps companies streamline their cybersecurity procurement, centralize compliance, proactively manage risk, and reinforce trust in their connected products supplied by third-party vendors.
Unlike other alternatives, CyberPass provides an intuitive and user-friendly platform that simplifies compliance assessment and certification processes. It also helps manufacturers extend their reach, centralize evidence, track regulatory obligations, and offer certified products, setting them apart from the competition.
Ongoing
5G SECURITY CERTIFICATION
Ongoing
Cyber Resilience Act | RED Delegated Act | PSTI
Live
“TRUST should be further strengthened by offering information in a transparent manner on the level of security of ICT products, ICT services and ICT processes ...”
“An increase in trust can be facilitated by Union-wide CERTIFICATION providing for common cybersecurity requirements and evaluation criteria across national markets and sectors.”
EU Cybersecurity Act – Section (7)
CONSUMER
Market
ENTERPRISE
Market
INDUSTRIAL
Market
CRITICAL
Market
The EU cybersecurity certification framework defines a mechanism to establish European cybersecurity certification schemes and to attest that the ICT products, processes and services that have been evaluated in accordance with such schemes comply with specified security requirements. ENISA has a pivotal role in the design of the candidate EU cybersecurity certification schemes. The CSA provides clear guidelines regarding how these schemes should be designed in the articles below:
- Article 51 - Security objectives of European cybersecurity certification schemes
- Article 52 - Assurance levels of European cybersecurity certification schemes
- Article 54 - Elements of European cybersecurity certification schemes
Proposal for REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification ("Cybersecurity Act"), ST 15786 2018 INIT.
BASIC
CONSUMER / ENTERPRISE
A European cybersecurity certificate or an EU statement of conformity referring to assurance level ‘basic’ provides assurance that the ICT products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise the known basic risks of cyberincidents and cyberattacks.
• The evaluation activities should include at least a review of the technical documentation or, failing that, substitute evaluation activities with equivalent effect.
SUBSTANTIAL
ENTERPRISE / INDUSTRIAL
A European cybersecurity certificate referring to assurance level ‘substantial’ provides assurance that the ICT products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise cybersecurity risks, cyberincidents and cyberattacks carried out by actors with limited skills and resources.
• The evaluation activities should include at least: a review to demonstrate the absence of known vulnerabilities; testing to demonstrate that the products, service or processes correctly implement the security functionalities; failing that, substitute evaluation activities with equivalent effect.
HIGH
INDUSTRIAL / CRITICAL
A European cybersecurity certificate referring to assurance level ‘high’ provides assurance that the ICT products, services and processes meet the corresponding security requirements, including security functionalities, and that they have been evaluated at a level intended to minimise the risk of state-of-the-art cyberattacks carried out by actors with significant skills and resources.
• The evaluation activities should include at least: a review to demonstrate the absence of known vulnerabilities; testing to demonstrate that the products, service or processes correctly implement the security functionalities; an assessment of their resistance to skilled attackers using penetration testing; failing that, substitute activities.
© 2020