The Regulation on cybersecurity , establece, por un lado, los objetivos, tareas y aspectos organizativos relativos a ENISA (agency of the European Union for cybersecurity) ; and, on the other hand, a framework for the creation of European certification schemes of cyber security, in order to ensure an adequate level of cybersecurity of products, services and processes in the TIC HAT, as well as to avoid fragmentation of the internal market in the field of certification schemes of cybersecurity. Enter into force on 27 June 2019.
Firstly, develop aspects regarding ENISA that will help reduce the fragmentation of the internal market acting as a reference point for advice and expertise in cybersecurity in the HAT. The regulation establishes its objectives, tasks, organization, forecasts on your budget, staff, and other general provisions, as its legal status.
ENISA tasks include: contribute to the development and implementation of policy and the right of the union; attend building capacities of cybersecurity; support cooperation between member states, institutions, bodies and agencies and union among stakeholders (CERT-UE, network of CSIRT, cyber exercises, reports on the situation of cybersecurity, cooperative response); market, certification of cybersecurity and standardization; knowledge and information; awareness and education; research and innovation; and international cooperation.
The second big issue that addresses the regulation is the creation of the European framework for certification of cyber security which pursues a harmonized approach of European certification schemes of cybersecurity in the HAT, with the aim of creating a digital single market for products, services and processes of TIC.
This European framework of certification of cybersecurity defines a mechanism for European certification schemes of cyber security, and to confirm that the products, services and processes of TIC that have been evaluated according to these schemes to meet safety requirements specified with the objective of protecting the availability, authenticity, integrity and confidentiality of data stored, transmitted or processed or functions or services offered, or those that allow access, such products, services and processes throughout their life cycle.
The Commission publish a rolling programme of work for the European certification schemes cybersecurity that define the strategic priorities for future schemes. Includes a list of products, services and processes of Tick, or categories of the same, that could benefit their inclusion in the scope of an outline of European certification of cybersecurity.
Also establishes the rules conditions for the application, repair, adoption and revision of European certification schemes of cybersecurity; as well as its objectives, elements, levels of security, dissemination. Also provides forecasts on the certification of cybersecurity; the outlines and national certification certificates of cybersecurity; the national authorities of certification of cybersecurity; agencies of conformity assessment; and on a group Of European Certification of cybersecurity new posts.