ENISA Cybersecurity Standardization and the Cybersecurity Act
Certifications required for performing cyber security testing are well defined, but up until now there was no EU certification framework for IT products being developed and sold. The EU Cybersecurity Act, adopted a few days ago, intends to change that by establishing a European cybersecurity certification framework for ICT products, services and processes. Standardisation will play an important role in the new framework. The Cybersecurity Act will entry into force starting May 2019.
European Network and Information Security Agency (ENISA) will take the leadership role of sole reference point for a new cybersecurity certification scheme in order to avoid certification scheme fragmentation within the EU.
This article provides further insight on what cybersecurity framework consists in and how it impacts financial institutions.