Cybersecurity Standards

Cybersecurity Standards: European and International standards supporting cybersecurity and the voluntary application of Regulation (EU) 2019/881 on ENISA and on information and communications technology cybersecurity certification (Cybersecurity Act)


Technical committee



Related standards or drafts


Project

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 2: Security functional components (ISO/IEC 15408-2:2022)

60.60 Standard published

CEN/CLC/JTC 13

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 3: Security assurance components (ISO/IEC 15408-3:2022)

60.60 Standard published

CEN/CLC/JTC 13

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 4: Framework for the specification of evaluation methods and activities (ISO/IEC 15408-4:2022)

60.60 Standard published

CEN/CLC/JTC 13

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 5: Pre-defined packages of security requirements (ISO/IEC 15408-5:2022)

60.60 Standard published

CEN/CLC/JTC 13

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Methodology for IT security evaluation (ISO/IEC 18045:2022)

60.60 Standard published

CEN/CLC/JTC 13
CEN/CENELEC

Fixed-time cybersecurity evaluation methodology for ICT products

60.60 Standard published

CEN/CLC/JTC 13
CEN/CENELEC

Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.

60.60 Standard published

CEN/CLC/JTC 13

Information security, cybersecurity and privacy protection - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2022)

60.60 Standard published

CEN/CLC/JTC 13

General requirements for the competence of testing and calibration laboratories (ISO/IEC 17025:2017)

60.60 Standard published

CEN/CLC/JTC 1

Conformity assessment - Requirements for bodies certifying products, processes and services (ISO/IEC 17065:2012)

60.60 Standard published

CEN/CLC/JTC 1

Information security, cybersecurity and privacy protection — Requirements for the competence of IT security testing and evaluation laboratories — Part 1: Evaluation for ISO/IEC 15408

60.60 Standard published

ISO/IEC JTC 1/SC 27

Information security, cybersecurity and privacy protection — Requirements for the competence of IT security testing and evaluation laboratories — Part 2: Testing for ISO/IEC 19790

60.60 Standard published

ISO/IEC JTC 1/SC 27

Cyber-attacks on crucial infrastructure, like power plants or hospitals, can significantly impact people's physical welfare and affect their ability to undertake basic activities. The security of these systems, apart from their broader IT systems, is ensured by Operational Technologies (OT) which supervise the proper performance of automated tasks like shutting down a generator to prevent a blackout or stopping a valve to avoid chemical overflow.

Cybersecurity is an important topic for connected devices and systems. ISO, IEC and CEN or CENELEC standards support cybersecurity and the application of the Cybersecurity Act.

European standards and International standards support the application of the Cybersecurity act and associated implementing legislation in Europe.

The line distinguishing Informational Technologies (IT) and Operational Technologies (OT) has been blurred thanks to the Industrial Internet of Things (IIoT) which connects physical machines to networked sensors and software. This connectivity and interaction have increased the potential entry points for cybercriminals, hence the need for a defense strategy that considers IT and OT environments.

Standards have been developed to protect information and ICT measures. These include security requirements capture methodology, management of information, and multiple security mechanisms. Such standards offer guidelines for security controls, services, and the management of information security systems. They also cover areas such as cryptographic and other security mechanisms, security aspects of identity management, and conformance assessment. As such, organizations must follow these standards to ensure the integrity of their IT and OT systems and minimize the risk of cyber-attacks. They span areas from cybersecurity evaluation methodology for ICT products, to supplier relationships in cybersecurity, health informatics cybersecurity, IoT security, and privacy requirements.

These stringent standards are a vital tool in the ongoing fight against cybercrime, providing clear guidelines for protecting the IT and OT environments within our critical infrastructure.

You may find below link to the European and International standards on Cybersecurity.

Click on the links below for accessing the standards or information about them.

Keywords: European Standards, International Standard, CEN standard, CENELEC standard, ISO/IEC Standard, ENISA, ENISA Regulation, ENISA, Cybersecurity Regulation, Cyber, EU Cyber, EU cyber security, Cyber security Europe