Cybersecurity
certification for
European market
José Ruiz | JTSEC Cybersecurity Certification for European market
José Ruiz Gualda
jtsec Beyond IT Security
• Computer Engineer (University of Granada)
• Expert in Common Criteria, LINCE and FIPS
140-3
• Member of the SCCG (Stakeholder
Cybersecurity Certification Group) at the
European Commission.
• Editor of LINCE as UNE standard
• Editor in JTC13 WG3 of the FITCEM
Methodology
• European Commission editor for the ERNCIP
group "IACS Cybersecurity Certification".
jruiz@jtsec.es
jtsec Beyond IT Security
We are now part of Applus Laboratories
Cybersecurity Company providing
evaluation and consultancy services in
different technical domains (Smart Cards,
Hardware and Software)
Members of the SCCG (Stakeholder
Cybersecurity Certification Group)
First LINCE laboratory accredited by
CCN (Spanish Certification Body).
Developers of unique tools for Common
Criteria (CCToolbox) and LINCE
(LINCEToolbox)
Actively involved in standardization
activities (ISO, CEN/CENELEC, ISCI
WGs, ENISA CSA WGs, CCUF, CMUF,
ERNCIP, …)
Speakers at different events in the sector
such as ICCC, ICMC, CCN-CERT, EUCA
or ENISE.
Some of our Asian customers
Our facilities in Asia
2 Labs (Shanghai & Seoul)
4 Sales and Technical Services
INDEX
1. Introduction
2. Certification schemes & methodologies –
ICT Products
3. Overview of the main EU policies on
cybersecurity
4. Recommendations for the European market
Introduction
The market is not only Common Criteria. It’s much bigger
Introduction
Number of products certified in the last 5 years
Certification schemes & methodologies
ICT Products (Common Criteria)
Common Criteria
An international standard (ISO/IEC
15408) published in 1994 and the
most recognized certification used for
assessing security in ICT products.
• Scope: International (more than 30
countries)
• Validity of the certificate: 5 years
Certification schemes & methodologies
ICT Products (Fixed-time)
LINCE
Is an evaluation and certification
methodology for ICT security
products developed by the Spanish
Certification Body (CCN).
• Scope: Spain
• Validity of the certificate: 5 years
CSPN
Developed by ANSSI, certifies the
robustness of a technological product,
based on a conformity analysis and
intrusion tests carried out by a CESTI.
• Scope: France
• Validity of the certificate: 5 years
BSPA
Is requested for Dutch government
agencies as well as product
manufacturers that want to get a
security-specific certificate for their
products.
• Scope: The Netherlands
• Validity of the certificate: 3 years
BSZ
Is based on predictable evaluation
times and ensures a reasonable level
of expenditure for the product. The
evaluation follows a risk-driven
approach that establishes a high level
of trust in the security statements.
• Scope: Germany
• Validity of the certificate: 2 years
Certification schemes & methodologies
ICT Products (IOT Platforms)
SESIP
Provides a common and optimized
approach for evaluating the security of
connected products that meets the
specific compliance, security, privacy
and scalability challenges of the
evolving IoT ecosystem.
• Scope: International
• Validity of the certificate: 2 years
PSA
Provides standardized resources to
help resolve the growing fragmentation
of IoT requirements and ensure
security is no longer a barrier to
product development.
• Scope: International
• Validity of the certificate: N/E
GP TEE
Defines an open security architecture
for consumer and connected devices
using a TEE to secure devices,
enabling development & deployment of
secure services.
• Scope: International
• Validity of the certificate: User fixes
the period for the re-assessment.
Certification schemes & methodologies
ICT Products (IOT)
ioXt
The program measures a product
against each of the eight ioXt
principles with clear guidelines to
quantify the appropriate level of
security required for a specific product
• Scope: International
• Validity of the certificate: N/E
CSA
Ignites creativity and collaboration in
the IoT by developing, evolving and
promoting universal open standards
that enable all objects to securely
connect and interact.
• Scope: International
• Validity of the certificate: Valid for
the useful life of the product.
Certification schemes & methodologies
ICT Products (IOT Labels)
Germany
The IT Security Label creates
transparency for consumers, revealing
basic security features of IT products.
• Scope: Germany
• Validity of the certificate: 2 years
Finland
Created by Traficom in 2020, the
requirements of the Label are based on
ETSI EN 303 645 and have been
prioritized using the OWASP IoT TOP
10 Threat List (2018).
• Scope: Finland
• Validity of the certificate: N/E
Singapore
Smart devices are rated according to
their levels of cybersecurity provisions.
Enables consumers to identify products
with better cybersecurity provisions and
make informed decisions.
• Scope: Singapore
• Validity of the certificate: 3 years
Certification schemes & methodologies
ICT Products (Crypto)
FIPS 140-3
Developed by NIST, it defines the
requirements to be satisfied by a
crypto module in order to protect
sensitive information.
• Scope: International
• Validity of the certificate: 5 years
Certification schemes & methodologies
ICT Products (Industrial, operational technology in automation & control systems)
IECEE - IEC 62443 4-1 & 4-2
These two standards provide detailed
requirements for IACS products
throughout their lifecycle.
• Scope: International
• Validity of the certificate: Can vary
depending on the certifying body
and the specific program the
organization adheres to.
ISA Secure
Certifies off-the-shelf products, systems
& development practices. Certifications
are developed and maintained by their
membership
• Scope: International
• Validity of the certificate: can vary
depending on the certifying body and
the specific program the organization
adheres to.
Certification schemes & methodologies
ICT Products (Transport)
MiFare
Based on various levels of the ISO/IEC
14443 Type A 13.56 MHz contactless
smart card standard. It uses AES and
DES/Triple-DES encryption standards,
as well as an older proprietary
encryption algorithm, Crypto-1.
• Scope: International
• Validity of the certificate: 5 years
FeliCa
Is an IC Card technology that supports
the entire life cycle of IC cards including
application dev, card issuance,
personalization & daily operation.
• Scope: Hong Kong, Singapore,
Japan, Indonesia, Macau, the
Philippines and the United States
• Validity of the certificate: 10 years
Calypso
Ensures multi-sources of compatible
products enabling the interoperability
between some operators offering a
ticketing system including evolutions
toward mobile phones, account-based
ticketing or public key infrastructure
• Scope: International
• Validity of the certificate: 7 years
Certification schemes & methodologies
ICT Products (Identity & digital signature)
FIDO
The FIDO protocols use standard
public key crypto techniques to provide
stronger authentication and are
designed from the ground up to protect
user privacy
• Scope: International
• Validity of the certificate: No
expiration
eIDAS
Sets the standards and criteria for
simple electronic signature, advanced
electronic signature, qualified
electronic signature, qualified
certificates and online trust services.
• Scope: European Union
• Validity of the certificate: 5 years
Certification schemes & methodologies
ICT Products (Payment Cards)
Payment
Certifications from private companies
focused on payment security, playing a
crucial role due to the sensitive nature
and potential risks.
• Scope: International
• Validity of the certificate: Depends
Certification schemes & methodologies
ICT Products (POI Categories)
PCI
Payment Terminals are evaluated
using the PCI standard. Depending on
the technology used we can find PCI-PTS,
PCI-SPOC, PCI-MPOC, PCI-CPOC
• Scope: International
• Validity of the certificate: Depending
on the version of the norm and the
approval class of the product
Common.SECC
Covers POIs deployed at merchants in
Germany and the UK. Requires that
terminals are evaluated for security
using Common Criteria (CC).
• Scope: Germany & UK
• Validity of the certificate: 6 years.
Certification schemes & methodologies
ICT Products (Mobility)
MDCert
Is a certification program under
development by GSMA. It's based mainly
on the ETSI TS 103732. It has potential
implications for further developments
under 5G, eIDAS 2 and eventually CRA
• Scope: International
• Validity of the certificate: N/E
APP Defense Alliance
It's primarily based on OWASP
guidance and tools. The program is
has been running since 2022 and its
formalization in a scheme will follow
later in 2023.
• Scope: International
• Validity of the certificate: N/E.
Certification schemes & methodologies
ICT Products (5G)
NESAS
The purpose of the scheme is to audit
and test network equipment vendors,
and their products, against a security
baseline. The scheme has been defined
by industry experts through GSMA and
3GPP.
• Scope: International
• Validity of the certificate: 2 years
NESAS CCS-GI
This national certification scheme for
5G mobile network equipment allows
equipment vendors to demonstrate
compliance with required security
features through an IT security
certificate.
• Scope: Germany
• Validity of the certificate: 2,5 years.
Overview of the main EU policies on cybersecurity
CSA (CyberSecurity Act)
Definition
Proposes the creation of a common European
framework for the certification of "cybersecure" ICT
products and services.
One of the main objectives of the Cybersecurity Act is to
increase the competitiveness and growth of European
companies. Key to this is the ability to issue
cybersecurity certificates recognized throughout
Europe for systems, processes and products while
minimizing their cost.
The Cybersecurity Act aims to achieve this objective by
creating a common European framework for the
development of common schemes for cybersecurity
certification.
The Cybersecurity Act or CSA sets out three levels of
assurance (basic, substantial and high)
Overview of the main EU policies on cybersecurity
URWP (Union Rolling Work Programme)
Definition
Created by the European Commission, it defines the
priorities at European level in terms of cybersecurity
certification. It is a document to be taken into account by
manufacturers, Public Bodies and companies related to
the cybersecurity certification sector.
The URWP contains a series of strategic lines of action,
five to be precise, which focus on improving cybersecurity
in the European Union as a whole, covering both the
public and private sectors:
• International cooperation
• Standardization
• Risk management
• Security by design and security by default
• Consistency between schemes
Overview of the main EU policies on cybersecurity
CRA (Cyber Resilience Act)
Definition
The CRA is an initiative that aims to ensure that
vendors establish appropriate cybersecurity
safeguards in the digital products they sell. By
establishing cybersecurity requirements before and after
a product is marketed, the CRA will strengthen the
security and resilience of the entire supply chain for the
benefit of businesses and end consumers.
The main mission of the Cyber Resilience Act is
to fill existing gaps in legislation by creating
horizontal legislation defining European
cybersecurity standards for digital products and
services, as currently EU product-specific legislation
mostly covers security aspects and addresses
cybersecurity only partially.
Requirements for manufacturers
• Security by design and by default for all products
within the scope of the regulation.
• Cybersecurity requirements throughout the life cycle
(before and after the product is placed on the market).
• Vulnerability management and (whenever possible)
security patching.
• Transparency of the supply chain of hardware or
software components.
• Enumeration of software components.
• End-user information on the cybersecurity level of
the product.
• Security reporting requirements for each product.
• Post-market security support requirements
(probably limited to a period of 5 years after
commercialization).
Overview of the main EU policies on cybersecurity
NIS2
Definition
The NIS2 directive will establish a set of requirements for
the cybersecurity risk management of critical entities,
in particular those related to energy, health, transport
and digital infrastructure.
The directive aims at eliminating divergences between
the member states regarding cybersecurity and
reporting obligations to the public authority. To this end, it sets
minimum standards and establishes mechanisms for
effective cooperation between the competent
authorities of each EU Member State. It provides for
heavy sanctions to ensure enforcement.
Sectors affected by NIS 2
• Food
• Manufacturers
• Postal & Courier
• Providers of electronic communications
• Space
• Public Administration
• Digital Services
• Waste water and waste management
Recommendations for the European Market
• Cybersecurity certification requirements are already in force (e.g.
eIDAS)
• Other regulations will come in the following years (e.g.
CRA). This implies mandatory requirements for
manufacturers to be able to do business in Europe
• Methodologies and schemes developed in Europe will be
used.
• Prepare in advance for the introduction on the European
market. E.g. a patch management strategy or cybersecurity by
design takes time.
• Certifications involve both financial and personnel efforts for
manufacturers. These certifications are not simple to
achieve.
• Stay up to date! Follow standardization efforts! Changes are
coming!!
Thank you

More Related Content

What's hot

Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
Uppala Anand
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)
CAS
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
Miguel A. Amutio
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001
chutinhha
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptx
foram74
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation GuideNQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
NA Putra
 

What's hot (20)

Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)Internet security association and key management protocol (isakmp)
Internet security association and key management protocol (isakmp)
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
ISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptxISO_ 27001:2022 Controls & Clauses.pptx
ISO_ 27001:2022 Controls & Clauses.pptx
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
 
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation GuideNQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
 

Similar to TAICS - Cybersecurity Certification for European Market.pptx

EuroPriSe and ISDP10003 2015 -
EuroPriSe and ISDP10003  2015 - EuroPriSe and ISDP10003  2015 -
EuroPriSe and ISDP10003 2015 -
Marco Moreschini
 
EuroPriSe and ISDP 10003 2015
EuroPriSe and ISDP 10003 2015EuroPriSe and ISDP 10003 2015
EuroPriSe and ISDP 10003 2015
Marco Moreschini
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluation
Axel Rennoch
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentation
Stefane Mouille
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2
俠客科技
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
Javier Tallón
 
Common Criteria service overview for Developers - jtsec a CC consultancy company
Common Criteria service overview for Developers - jtsec a CC consultancy companyCommon Criteria service overview for Developers - jtsec a CC consultancy company
Common Criteria service overview for Developers - jtsec a CC consultancy company
Javier Tallón
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
Javier Tallón
 
Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...Ethical hacking, the way to get product & solution confidence and trust in an...
Ethical hacking, the way to get product & solution confidence and trust in an...
Pierre-Jean Verrando
 
05_Alter Technology_Julián Gallego
05_Alter Technology_Julián Gallego05_Alter Technology_Julián Gallego
05_Alter Technology_Julián Gallego
Elena Cortés Ventura
 
05_Alter Technology_Julián Gallego
05_Alter Technology_Julián Gallego05_Alter Technology_Julián Gallego
05_Alter Technology_Julián Gallego
Redit
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification.  Chapter IIIndustrial Automation Control Systems Cybersecurity Certification.  Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Javier Tallón
 
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification Framework
Deutsche Telekom AG
 
PLNOG20 - Janusz Pieczerak - European Cyber Security Organisation – lesson le...
PLNOG20 - Janusz Pieczerak - European Cyber Security Organisation – lesson le...PLNOG20 - Janusz Pieczerak - European Cyber Security Organisation – lesson le...
PLNOG20 - Janusz Pieczerak - European Cyber Security Organisation – lesson le...
PROIDEA
 
H2020 project WITDOM overview
H2020 project WITDOM overviewH2020 project WITDOM overview
H2020 project WITDOM overview
Elsa Prieto
 
Huwei Cyber Security Presentation
Huwei Cyber Security PresentationHuwei Cyber Security Presentation
Huwei Cyber Security Presentation
Peter921148
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Onward Security
 
Trust and security technologies: Lessons from the CRISP project
Trust and security technologies: Lessons from the CRISP projectTrust and security technologies: Lessons from the CRISP project
Trust and security technologies: Lessons from the CRISP project
Trilateral Research
 
Can Trust In Security TEchnologies be Enhanced through Certification?
Can Trust In Security TEchnologies be Enhanced through Certification?Can Trust In Security TEchnologies be Enhanced through Certification?
Can Trust In Security TEchnologies be Enhanced through Certification?
CRISP Project
 
Activity1 c1
Activity1 c1Activity1 c1
Activity1 c1
FORMAEMPLEO
 

Similar to TAICS - Cybersecurity Certification for European Market.pptx (20)

EuroPriSe and ISDP10003 2015 -
EuroPriSe and ISDP10003  2015 - EuroPriSe and ISDP10003  2015 -
EuroPriSe and ISDP10003 2015 -
 
EuroPriSe and ISDP 10003 2015
EuroPriSe and ISDP 10003 2015EuroPriSe and ISDP 10003 2015
EuroPriSe and ISDP 10003 2015
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluation
 
Eurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentationEurosmart etsi-e-io t-scs-presentation
Eurosmart etsi-e-io t-scs-presentation
 
德國TSI公司簡報-2
德國TSI公司簡報-2德國TSI公司簡報-2
德國TSI公司簡報-2
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
TAICS - Cybersecurity Certification for European Market.pptx

  • 2. José Ruiz | JTSEC Cybersecurity Certification for European market 2 / 30 José Ruiz Gualda jtsec Beyond IT Security • Computer Engineer (University of Granada) • Expert in Common Criteria, LINCE and FIPS 140-3 • Member of the SCCG (Stakeholder Cybersecurity Certification Group) at the European Commission. • Editor of LINCE as UNE standard • Editor in JTC13 WG3 of the FITCEM Methodology • European Commission editor for the ERNCIP group "IACS Cybersecurity Certification". jruiz@jtsec.es
  • 3. jtsec Beyond IT Security. We are now part of Applus Laboratories. Cybersecurity company providing evaluation and consultancy services in different technical domains (Smart Cards, Hardware and Software). Members of the SCCG (Stakeholder Cybersecurity Certification Group). First LINCE laboratory accredited by CCN (Spanish Certification Body). Developers of unique tools for Common Criteria (CCToolbox) and LINCE (LINCEToolbox). Actively involved in standardization activities (ISO, CEN/CENELEC, ISCI WGs, ENISA CSA WGs, CCUF, CMUF, ERNCIP, …). Speakers at different events in the sector such as ICCC, ICMC, CCN-CERT, EUCA or ENISE.
  • 4. José Ruiz Gualda, jtsec Beyond IT Security • Computer Engineer (University of Granada) • Expert in Common Criteria, LINCE and FIPS 140-3 • Member of the SCCG (Stakeholder Cybersecurity Certification Group) at the European Commission. • Editor of LINCE as UNE standard • Editor in JTC13 WG3 of the FITCEM Methodology • European Commission editor for the ERNCIP group "IACS Cybersecurity Certification". jruiz@jtsec.es. Some of our Asian customers. Our facilities in Asia: 2 Labs (Shanghai & Seoul), 4 Sales and Technical Services
  • 5. INDEX 1. Introduction 2. Certification schemes & methodologies – ICT Products 3. Overview of the main EU policies on cybersecurity 4. Recommendations for the European market
  • 6. INDEX 1. Introduction 2. Certification schemes & methodologies – ICT Products 3. Overview of the main EU policies on cybersecurity 4. Recommendations for the European market
  • 7. Introduction: The market is not only Common Criteria. It’s much bigger
  • 8. Introduction: Number of products certified in the last 5 years
  • 9. INDEX 1. Introduction 2. Certification schemes & methodologies – ICT Products 3. Overview of the main EU policies on cybersecurity 4. Recommendations for the European market
  • 10. Certification schemes & methodologies – ICT Products (Common Criteria). Common Criteria: An international standard (ISO/IEC 15408) published in 1994 and the most recognized certification used for assessing security in ICT products. • Scope: International (more than 30 countries) • Validity of the certificate: 5 years
  • 11. Certification schemes & methodologies – ICT Products (Fixed-time). LINCE is an evaluation and certification methodology for ICT security products developed by the Spanish Certification Body (CCN). • Scope: Spain • Validity of the certificate: 5 years. CSPN: Developed by ANSSI, certifies the robustness of a technological product, based on a conformity analysis and intrusion tests carried out by a CESTI. • Scope: France • Validity of the certificate: 5 years
  • 12. Certification schemes & methodologies – ICT Products (Fixed-time). BSPA is requested for Dutch government agencies as well as product manufacturers that want to get a security-specific certificate for their products. • Scope: The Netherlands • Validity of the certificate: 3 years. BSZ is based on predictable evaluation times and ensures a reasonable level of expenditure for product. The evaluation follows a risk-driven approach that establishes a high level of trust in the security statements. • Scope: Germany • Validity of the certificate: 2 years
  • 13. Certification schemes & methodologies – ICT Products (IoT Platforms). SESIP provides a common and optimized approach for evaluating the security of connected products that meets the specific compliance, security, privacy and scalability challenges of the evolving IoT ecosystem. • Scope: International • Validity of the certificate: 2 years. PSA provides standardized resources to help resolve the growing fragmentation of IoT requirements and ensure security is no longer a barrier to product development. • Scope: International • Validity of the certificate: N/E. GP TEE defines an open security architecture for consumer and connected devices using a TEE to secure devices, enabling development & deployment of secure services. • Scope: International • Validity of the certificate: User fixes the period for the re-assessment.
  • 14. Certification schemes & methodologies – ICT Products (IoT). ioXt: The program measures a product against each of the eight ioXt principles with clear guidelines to quantify the appropriate level of security required for a specific product. • Scope: International • Validity of the certificate: N/E. CSA ignites creativity and collaboration in the IoT by developing, evolving and promoting universal open standards that enable all objects to securely connect and interact. • Scope: International • Validity of the certificate: Valid for the useful life of the product.
  • 15. Certification schemes & methodologies – ICT Products (IoT Labels). Germany: The IT Security Label creates transparency for consumers, revealing basic security features of IT products. • Scope: Germany • Validity of the certificate: 2 years. Finland: Created by Traficom in 2020, the requirements of the Label are based on ETSI EN 303 645 and have been prioritized using the OWASP IoT TOP 10 Threat List (2018). • Scope: Finland • Validity of the certificate: N/E. Singapore: Smart devices are rated according to their levels of cybersecurity provisions. Enables consumers to identify products with better cybersecurity provisions and make informed decisions. • Scope: Singapore • Validity of the certificate: 3 years
  • 16. Certification schemes & methodologies – ICT Products (Crypto). FIPS 140-3: Developed by NIST, defines the requirements to be satisfied by a crypto module in order to protect sensitive information. • Scope: International • Validity of the certificate: 5 years
  • 17. Certification schemes & methodologies – ICT Products (Industrial, operational technology in automation & control systems). IECEE - IEC 62443 4-1 & 4-2: These two standards provide detailed requirements for IACS products throughout their lifecycle. • Scope: International • Validity of the certificate: Can vary depending on the certifying body and the specific program the organization adheres to. ISA Secure: Certifies off-the-shelf products, systems & development practices. Certifications are developed and maintained by their membership. • Scope: International • Validity of the certificate: Can vary depending on the certifying body and the specific program the organization adheres to.
  • 18. Certification schemes & methodologies – ICT Products (Transport). MiFare: Based on various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard. It uses AES and DES/Triple-DES encryption standards, as well as an older proprietary encryption algorithm, Crypto-1. • Scope: International • Validity of the certificate: 5 years. FeliCa is an IC Card technology that supports the entire life cycle of IC cards including application dev, card issuance, personalization & daily operation. • Scope: Hong Kong, Singapore, Japan, Indonesia, Macau, the Philippines and the United States • Validity of the certificate: 10 years. Calypso ensures multi-sources of compatible products enabling the interoperability between some operators offering a ticketing system including evolutions toward mobile phones, account-based ticketing or public key infrastructure. • Scope: International • Validity of the certificate: 7 years
  • 19. Certification schemes & methodologies – ICT Products (Identity & digital signature). FIDO: The FIDO protocols use standard public key crypto techniques to provide stronger authentication and are designed from the ground up to protect user privacy. • Scope: International • Validity of the certificate: No expiration. eIDAS sets the standards and criteria for simple electronic signature, advanced electronic signature, qualified electronic signature, qualified certificates and online trust services. • Scope: European Union • Validity of the certificate: 5 years
  • 20. Certification schemes & methodologies – ICT Products (Payment Cards). Payment: Certifications from private companies focused on payment security, playing a crucial role due to the sensitive nature and potential risks. • Scope: International • Validity of the certificate: Depends
  • 21. Certification schemes & methodologies – ICT Products (POI Categories). PCI: Payment terminals are evaluated using the PCI standard. Depending on the technology used we can find PCI-PTS, PCI-SPOC, PCI-MPOC, PCI-CPOC. • Scope: International • Validity of the certificate: Depending on the version of the norm and the approval class of the product. Common.SECC: Covers POIs deployed at merchants in Germany and the UK. Requires that terminals are evaluated for security using Common Criteria (CC). • Scope: Germany & UK • Validity of the certificate: 6 years.
  • 22. Certification schemes & methodologies – ICT Products (Mobility). MDCert is a certification program under development by GSMA. It's based mainly on the ETSI TS 103732. It has potential implications for further developments under 5G, eIDAS 2 and eventually CRA. • Scope: International • Validity of the certificate: N/E. APP Defense Alliance: It's primarily based on OWASP guidance and tools. The program is working since 2022 and its formalization in a scheme will follow later this 2023. • Scope: International • Validity of the certificate: N/E.
  • 23. Certification schemes & methodologies – ICT Products (5G). NESAS: The purpose of the scheme is to audit and test network equipment vendors, and their products, against a security baseline. The scheme has been defined by industry experts through GSMA and 3GPP. • Scope: International • Validity of the certificate: 2 years. NESAS CCS-GI: This national certification scheme for 5G mobile network equipment allows equipment vendors to demonstrate compliance with required security features through an IT security certificate. • Scope: Germany • Validity of the certificate: 2,5 years.
  • 24. INDEX 1. Introduction 2. Certification schemes & methodologies – ICT Products 3. Overview of the main EU policies on cybersecurity 4. Recommendations for the European market
  • 25. Overview of the main EU policies on cybersecurity – CSA (CyberSecurity Act). Definition: Proposes the creation of a common European framework for the certification of "cybersecure" ICT products and services. One of the main objectives of the Cybersecurity Act is to increase the competitiveness and growth of European companies. Key to this is the ability to issue cybersecurity certificates recognized throughout Europe for systems, processes and products while minimizing their cost. The Cybersecurity Act aims to achieve this objective by creating a common European framework for the development of common schemes for cybersecurity certification. The Cybersecurity Act or CSA sets out three levels of assurance (basic, substantial and high).
  • 26. Overview of the main EU policies on cybersecurity – URWP (Union Rolling Work Programme). Definition: Created by the European Commission, defines the priorities at European level in terms of cybersecurity certification. It is a document to be taken into account by manufacturers, Public Bodies and companies related to the cybersecurity certification sector. The URWP contains a series of strategic lines of action, five to be precise, which focus on improving cybersecurity in the European Union as a whole, covering both the public and private sectors: • International cooperation • Standardization • Risk management • Security by design and security by default • Consistency between schemes
  • 27. Overview of the main EU policies on cybersecurity – CRA (Cyber Resilience Act). Definition: The CRA is an initiative that aims to ensure that vendors establish appropriate cybersecurity safeguards in the digital products they sell. By establishing cybersecurity requirements before and after a product is marketed, the CRA will strengthen the security and resilience of the entire supply chain for the benefit of businesses and end consumers. The main mission of the Cyber Resilience Act is to fill existing gaps in legislation by creating horizontal legislation defining European cybersecurity standards for digital products and services, as currently EU product-specific legislation mostly covers security aspects and addresses cybersecurity only partially. Requirements for manufacturers: • Security by design and by default for all products within the scope of the regulation. • Cybersecurity requirements throughout the life cycle (before and after the product is placed on the market). • Vulnerability management and (whenever possible) security patching. • Transparency of the supply chain of hardware or software components. • Enumeration of software components. • End-user information on the cybersecurity level of the product. • Security reporting requirements for each product. • Post-market security support requirements (probably limited to a period of 5 years after commercialization).
  • 28. Overview of the main EU policies on cybersecurity – NIS2. Definition: The NIS2 directive will establish a set of requirements for the cybersecurity risk management of critical entities, in particular those related to energy, health, transport and digital infrastructure. The directive aims at eliminating divergences between the member states regarding cybersecurity and reporting obligations to the public authority. To this end, it sets minimum standards and establishes mechanisms for effective cooperation between the competent authorities of each EU Member State. Provides for heavy sanctions to ensure enforcement. Sectors affected by NIS 2: Food Manufacturers Postal & Courier Providers of electronic communications Space Public Administration Digital Services Waste water and waste management
  • 29. INDEX 1. Introduction 2. Certification schemes & methodologies – ICT Products 3. Overview of the main EU policies on cybersecurity 4. Recommendations for the European market
  • 30. Recommendations for the European Market • Cybersecurity certification requirements already in force (e.g. eIDAS) • Other regulations will come in the following years (e.g. CRA). This implies mandatory requirements for manufacturers to be able to do business in Europe • Methodologies and schemes developed in Europe will be used. • Prepare in advance for the introduction on the European market. E.g. Patch management strategy or Cybersecurity by design takes time. • Certifications involve both financial and personnel efforts for manufacturers. These certifications are not simple to achieve. • Stay up to date! Follow standardization efforts! Changes are coming!!