
Cybersecurity standard gap analysis

This deliverable is a white paper that identifies the gaps in cybersecurity standards (and hence also in certification). The methodology is, first and foremost, focussed desk research to gather and summarize all of the key efforts that have gone before. We then survey the cybersecurity research, industry, public sector and user communities to collect input on the perceived gaps.

The main objective is not to “reinvent the wheel” but to build upon all of the efforts that have gone before and the knowledge that has been developed around cybersecurity standards and certification.
It is interesting to note that some of the most important conclusions in this deliverable have already been identified previously, which only serves to reinforce issues that are well known.

First of all, the lack of mutual recognition and the lack of harmonization of cybersecurity standards are again identified as two of the most important (if not THE most important) gaps that currently exist. This has been noted and mentioned again and again, not only in earlier deliverables from Cyberwatching.eu, but also in myriad ENISA and ECSO efforts and publications. Respondents to our survey mentioned Common Criteria and SOG-IS (Senior Officials Group-Information Systems Security) as really the only recognized area where mutual recognition and harmonization have already been accomplished, but still further work is needed.

Second, and also very important, IoT has been identified as a sector with a notable lack of standards, with the added challenges of the first issues of mutual recognition and harmonization.

Finally, the deliverable recommends that efforts such as the ECSO Working Group 1 Meta-Scheme and the ECSO WG1 Self-Assessment methodology should be strengthened, and that they can be the path forward, with a first approach to address the “low hanging fruit”, and with mutual recognition and harmonization on the mid to longer term horizon.

Thursday, 23 May, 2019

