Discover our working group
This Working Group brings together certifiers, test labs, component manufacturers, system integrators, service providers, national public administrations, RTOs, etc. to contribute to activities for pre-standardisation and to support the development and use of trusted European certified solutions across the supply chain and the various sectors.
Mission & Objectives
The mission of this WG is to support the roll-out of EU ICT security certification schemes, standard and legislative recommendations, and ensure the establishment of trusted and resilient supply chains in Europe. Some of the objectives are:
- Understand the challenges of the industry in using standards and certification schemes.
- Understand the needs of the market to identify the gaps in standardisation and propose a roadmap for priorities.
- Define methodologies and approaches to facilitate and support the use of certification schemes.
- Provide guidelines & recommendations on European legislation and policy initiatives.
- Continue and strengthen collaborations with ENISA, EC, European SDOs and other relevant stakeholders.
- Support policy implementation: link with DEP priorities describing challenges and plan for the future. Development of capabilities.
- Address the challenges for a trusted supply chain and management of the risks.
- Identify the challenges for SMEs in using certification schemes and define guidelines / best practices.
- Study and explain system and service lifecycle and associated risk management.
- Focus on the technical details of the composition approach: the operational phase (e.g. vulnerability and patch management) of the composed product and expectations for product composition. Link with first EU certification schemes.
Collaboration at EU level on standardisation
MoU signed with CEN/CENELEC and ETSI for definition of priorities for developing EU standards linked to certification an...
Collaboration with ENISA on certification
As part of the Stakeholder Cybersecurity Certification Group (SCCG), ECSO collaborates with ENISA on cybersecurity certi...
Participation in the Joint Research Center on IACS (ERNCIP IACS)
Collaboration on recommendations for the IACS Components Cybersecurity Certifications Scheme
Participation in the ICT Standardisation Multi-Stakeholder Platform
Collaboration on the ICT Standardisation Multi-Stakeholder Platform & Rolling Plan with the European Commission
Guidelines & recommendations on certification policies and standards
- Meta-scheme approach (supported the Council for the discussions leading to the creation of a European Cybersecurity Certification Framework) and Challenges ahead for the roll out of the Cybersecurity Act publications.
- Mapping of cybersecurity standards and certification schemes (SOTA)
- Mapping of industrial needs for certification (COTI)
- Analysis of best practices for security assessment of products, systems and services and business constraints
- Product certification “composition”: the principles and practical aspects of reusing evidence in certification (‘composition’) to reduce the time to market (a second version is under definition).
- System lifecycle and associated risk management: awareness about system security and considerations about system security compliance and certification (under definition)
Cooperation with ESOs, EC and EU Agencies
ECSO has positioned itself as a key actor in the European standardisation and certification institutional landscape. Thanks to its constituency and accumulated expertise, it has gained recognition and is frequently solicited by EU Institutions for recommendations and advice.