This is a key step towards strengthening the European cyber security ecosystem because it enhances the mandate for ENISA and establishes the European cybersecurity certification framework. 

ENISA’s mandate

ECSO will continue to support ENISA in its role of assisting the Member States in tackling cyber security threats and strengthening

The Cybersecurity Act enhances ENISA’s mandate and provides more resources for the Agency to fulfill its tasks. cyber security capabilities and resilience at the EU level, with a focus on cyber hygiene measures and better preparedness of the industrial sectors for the new technologies and digital era.

ECSO complements ENISA’s activities in several ways, ranging from support to SMEs and dialogue with Users, to awareness, training, and support to capacity building, to aspects dealing with the market and harmonisation of cyber security certification.

Framework for the European Cyber Security Certification

In terms of cyber security certification, the Cybersecurity Act sets the rules for the creation of the framework for European cyber security certification.

ECSO has already contributed to the discussions with the publication of the ECSO Meta-scheme approach and the State-of-the-Art (SOTA) Syllabus of certification schemes and standards. Both documents represent important steps towards structuring the landscape, enhancing trust by defining transparent rules, and identifying relevant gaps to foster harmonization in Europe.

ECSO will continue its efforts to gather all relevant European cyber security actors to provide the building blocks and needs of the private sector (across the supply chain), as well as insights on topics such as criteria to decide on the most appropriate type of assessment and procedures, in order to support ENISA in its mandate.

ECSO is currently working on an updated version of its Meta-scheme approach, including the identification of the characteristics under which certification schemes can be viewed and selected, and is looking forward to continued collaboration and dialogue with ENISA on this topic in 2019.

The activities on certification are coordinated by ECSO WG1 with a new set of documents planned to be issued in March 2019:

  • Document on Assessment, from self to third-party, shedding some light on the available types of assessment and identifying some of the criteria to decide on the fit-for-purpose type of assessment.
  • A new version of the ECSO Meta-scheme approach with general aspects of certification scheme composition, type of evaluations, continuous assessment and mapping with the Cybersecurity Act.

A public version of the Challenges of the Industry with initial needs of the industrial sector.



For more information, please contact Anders Johnson, RISE.