The European Commission has made certification of products, services and processes one of the pillars of their cybersecurity strategy.
In the 2019 Cybersecurity Act, ENISA was tasked with developing a cybersecurity certification framework. In a rolling work program ENISA will develop harmonized, European certification schemes for products, services, and processes. In 2020, ENISA presented a candidate scheme based on Common Criteria (EUCC), and a candidate scheme for cloud services. The Joint Research Center (JRC) published requirements for an Industrial Automation & Control Systems Components Cybersecurity Certification Scheme (ICCS), which is also expected to be turned into a candidate scheme.
Given these developments, ENCS recommends that its members prepare for a certification meeting the requirements in the JRC ICCS. To make sure this scheme meets their needs, we should:
- Develop profiles against which to certify components in the ICCS format
- Help to develop an evaluation method for IEC 62443-4-2
- Ensure that grid operators are represented in the ICCS governance