WP-035-2020: Proposed strategy for OT component certification [DRAFT]

The European Commission has made certification of products, services and processes one of the pillars of their cybersecurity strategy.
In the 2019 Cybersecurity Act, ENISA was tasked with developing a cybersecurity certification framework. In a rolling work program ENISA will develop harmonized, European certification schemes for products, services, and processes. In 2020, ENISA presented a candidate scheme based on Common Criteria (EUCC), and a candidate scheme for cloud services. The Joint Research Center (JRC) published requirements for an Industrial Automation & Control Systems Components Cybersecurity Certification Scheme (ICCS), which is also expected to be turned into a candidate scheme.
Given these developments, ENCS recommends that its members prepare for a certification meeting the requirements in the JRC ICCS. To make sure this scheme meets their needs, we should:

  • Develop profiles against which to certify components in the ICCS format
  • Help to develop an evaluation method for IEC 62443-4-2
  • Ensure that grid operators are represented in the ICCS governance

Download this document (members only)

Download document

"*" geeft vereiste velden aan

Dit veld is bedoeld voor validatiedoeleinden en moet niet worden gewijzigd.