Skip to content
Search our site  
    January 7, 2021

    Strong drive from the EU cybersecurity act

    On December 18th, 2020, ENISA (The European Union Agency for Cybersecurity) hosted a virtual Cybersecurity Certification Conference called “Cybersecurity certification is a global trade and trust instrument”.

    Nemko, as a cybersecurity certification body for both consumer IoT and Common Criteria, was impressed by the strong focus EU and ENISA has on the cyber certification schemes.

    The seminar concentrated on the implementation of the EU cybersecurity act at the national level, and examples of similar programs outside Europe were presented.

    Some main takeaways from the ENISA seminar

    • In the summer of 2020, ENISA gathered input on a proposed certification scheme for level 2 and 3 products. Industry members provided comments, and a “final” version is expected soon. This proposed scheme does not cover consumer IoT.
    • The government/authorities are taking the implementing of certification schemes under the EU Cyber Security Act very seriously, and plans were presented on how to meet these schemes.
    • Certification Bodies and Evaluation laboratories are to be qualified, and accreditation will be needed. The national accreditation bodies will be ready to perform necessary assessments and accreditation.
    • For IoT consumer products ETSI/EN 303 645 is the preferred standard, and the ETSI/EN 103 701 “Cyber assessment for consumer IoT” is to be published Q1 of 2021.
    • A draft certification scheme for Cloud Services will be published for comments on December 22nd. The deadline for comments is February 7th.

    Please find the agenda on ENISA web page, and the presentations held are expected to be available at a later date.

    Nemko is hiring cybersecurity evaluators!

    After the acquisition of the company System Sikkerhet AS in February 2020, we have decided to grow our capacity and competence by hiring more cybersecurity evaluators within the field of Common Criteria (CC) certification and support.
    See the ad here


    Geir Hørthe

    Geir Hørthe is responsible for the Nemko cyber security initiative. He has worked at Nemko for more than 30 years, in the capacity of test services, lab manager of safety, ATEX and medical departments. He has also been Managing Director at the Nemko office in London for two years. After he returned to Norway, he held...

    Other posts you might be interested in