New series of European standards on cybersecurity
In order to assess and manage risk, and to implement best practices and technologies for mitigation of cyber security risk, it is essential to have a consistent approach, both to the categorization of risk factors and to their evaluation. And this is where a harmonized set of standards play a very important role.
Standards for cybersecurity and data protection are currently being developed both internationally and at the European level to address the risks posed by cyber-attacks and help ensure high levels of protection The advantage of such standards is that they have been elaborated with the broad consensus of organizations guaranteeing a consistency of approach and terminology.
As part of this effort, CEN and CENELEC’s JTC 13 ‘Cybersecurity and Data Protection’ just released a series of European Standards (ENs).
These new standards provide a series of guidelines and criteria to assess the security level of IT systems, cryptographic modules and privacy, adopting the European Single Market of standards developed at the international level, in the framework of ISO and IEC’s JTC 1 ‘Information Technology’, which is the main body responsible for international standardization on cybersecurity. The development at the international level of these standards shows a high level of coordination in establishing a common, global and effective degree of protection.
The new standards are listed below:
- EN ISO/IEC 15408-1:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model’
- EN ISO/IEC 15408-2:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional components’
- EN ISO/IEC 15408-3:2020 ‘Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance components’
- EN ISO/IEC 18045:2020 ‘Information technology - Security techniques - Methodology for IT security evaluation’
- EN ISO/IEC 19790:2020 ‘Information technology - Security techniques - Security requirements for cryptographic modules’
- EN ISO/IEC 27019:2020 ‘Information technology - Security techniques - Information security controls for the energy utility industry’
- EN ISO 29134:2020 ‘Information technology - Security techniques - Guidelines for privacy impact assessment’
Cyberwatching.eu has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 740129. The content of this website does not represent the opinion of the European Commission, and the European Commission is not responsible for any use that might be made of such content. Privacy Policy | Disclaimer / Terms and Conditions of Use