EU has new cybersecurity regulation standards

Jun 1, 2021 12:31 GMT

The EUCC was the first cybersecurity certification scheme application received by the European Union Agency for Cybersecurity (ENISA) under the Cybersecurity Act in July 2019, according to Help Net Security.

This scheme is intended to replace the existing schemes based on the SOG-IS MRA (Senior Officials Group Information Systems Security Mutual Recognition Agreement). It covers the certification of ICT products using Common Criteria ISO/IEC 15408 and serves as the basis for a European cybersecurity certification framework.

The latter will include a series of programs designed to steadily increase confidence in ICT products, services, and processes certified under these programs while reducing costs within the Digital Single Market. The scheme was first published and put out for consultation on 1 July 2020, allowing certification stakeholders and interested parties to comment via a dedicated survey.

Key points of the public consultation 

- The consultation confirms the desire of certification bodies to use the system in the internal market as soon as it becomes accessible.

- Stakeholders invite ENISA to develop further advice to help with the implementation and operation of the scheme.

- Some stakeholders noted that certain aspects of the scheme need to be changed or addressed, such as the requirements or time periods for maintaining the certificates, and the monitoring and handling of non-conformities or vulnerabilities.

In addition to the Candidate Program, ENISA has supported the EU Cybersecurity Certification Framework in the following ways:

- Creating a communication strategy targeting consumers to help them implement the EUCC scheme and inform them about what cybersecurity certification of ICT devices entails.

- Facilitating the participation of newcomers to cybersecurity certification from the interested EU Member States in the EUCC system by providing a dedicated training program.

- Establishing a transition project to create and ensure the optimal circumstances for a smooth transition from the current national SOG-IS efforts to the current EUCC operation.

In accordance with Article 49 (6, 7) of Regulation (EU) 2019/881 (the Cybersecurity Act), the Agency has now forwarded the EUCC Candidate Scheme v.1.1.1 to the Commission. The Commission will start work on a Commission Implementing Regulation that may be adopted.