Infineon, NXP, STMicroelectronics and ENISA have published a Common Position on Cybersecurity to address topics such as security certification and labelling.
They advocate for the extension of the Common Criteria (CC, ISO/IEC 15408) and SOG-IS MRA (Mutual Recognition Agreement) to all Member States for high assurance security levels.
A Baseline security certification (a “lightweight” certification) should be developed for ICT products and agreed by all Member States to address IoT, Commercial of-the-shelf (COTS) and products with short life cycle.
The introduction of a European trust label for connected devices should be built on defined baseline security requirements and existing internationally recognized certification schemes. This should be supported by a European Certification Framework.