Latest ENISA news

Report on standards supporting certification: Eurosmart's scheme mentioned

On 24 November, ENISA published a report on standards supporting certification. This report is an updated version of a previous ENISA report published in December 2019.

The report covers five areas:

-Internet of Things

-cloud infrastructure and services

-treat intelligence in the financial sector

-electronic health records in the healthcare

-qualified trust services

Eurosmart's certification scheme is still mentioned in the IoT chapter in this updated version of the report. Eurosmart’s scheme is described as “the first IoT certification scheme that was developed based on the requirements of the CSA”.

However, the report states that “Eurosmart proposes a scheme with a single assurance level, substantial, omitting to provide a basic assurance level that could provide the ground for certifying low-risk products.” The document explains that Eurosmart’s scheme is focused on smart card products that are subject to high-level attacks, unlike smart home devices.

The ENISA report points out that IoT devices are placed inside homes or offices, in a relative physically secured environment, hence the network interface, mobile application environment, and cloud infrastructure are much more important than the security of the local hardware.

The report concludes that “Eurosmart’s certification scheme, due to its complexity, is an excellent candidate for substantial and high assurance levels as defined in the Cybersecurity Act."

The document then mentions ETSI EN 303 645 standard on security for consumer IoT devices, developed by ETSI TC Cyber. Gisela Meister, Eurosmart consultant, takes part in ETSI TC Cyber and will provide a presentation on this standard on 18 December at ENISA event on cybersecurity certification.

On a future candidate for a European cybersecurity certification scheme, the report concludes that -for the three levels of assurance- the technical rules would be based on the ETSI EN 3030 645 standard and on the Eurosmart scheme (especially for levels Substantial and High).

Extension of the Call of Expression of Interest – NIS Experts

ENISA recently extended its Call for Expression of Interest (CEI) to gather a list of NIS Experts. Selected experts would assist the Agency in its activities in the following fields:

A) Technical expertise in ICTs and emerging application areas

B) ICT Security Standardisation and certification

C) Technical expertise in Critical Information Infrastructure Protection (CIIP) and CSIRTs Cooperation

D) Legal expertise in NIS

E) NIS aspects of cybercrime