WP-035-2020: Proposed strategy for OT component certification

The European Commission has made certification of products, services and processes one of the pillars of their cybersecurity strategy.
In the 2019 Cybersecurity Act, ENISA was tasked with developing a cybersecurity certification framework. In a rolling work program ENISA will develop harmonized, European certification schemes for products, services, and processes. In 2020, ENISA presented a candidate scheme based on Common Criteria (EUCC), and a candidate scheme for cloud services. The Joint Research Center (JRC) published requirements for an Industrial Automation & Control Systems Components Cybersecurity Certification Scheme (ICCS), which is also expected to be turned into a candidate scheme.
Given these developments, ENCS recommends that its members prepare for a certification meeting the requirements in the JRC ICCS. To make sure this scheme meets their needs, we should:

  • Develop profiles against which to certify components in the ICCS format
  • Help to develop an evaluation method for IEC 62443-4-2
  • Ensure that grid operators are represented in the ICCS governance

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.

This field is for validation purposes and should be left unchanged.