The EU Network Information and Security Agency publishes a cybersecurity assessment method. Who is it prepared for?

Introduction: Recently, the European Union Cyber Security Agency (ENISA) released a network security assessment method for the network security certification of industrial ICT systems.

Industry Cybersecurity Assessment Method (SCSA Method)

The Industry Cybersecurity Assessment Methodology (SCSA Methodology) was developed for the EU cybersecurity certification scheme for industry ICT infrastructure and ecosystems. The SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and of the EU Cybersecurity Act (CSA). Specifically, SCSA supports the determination of security and certification requirements based on the risks associated with the “intended use” of specific ICT products, services and processes.

The SCSA approach provides ENISA stakeholders with a comprehensive ICT security assessment tool that covers all aspects related to the industry’s ICT systems and provides comprehensive content for the implementation of ICT security and cybersecurity certification.

While SCSA employs widely accepted standards, particularly the ISO/IEC 27000 series and ISO/IEC 15408 series, its improvements target multi-stakeholder systems, as well as the specification of safety and security level requirements for ICT products, processes and cybersecurity certification schemes.

The following elements are introduced in the specific implementation:

Business processes, roles of sectoral stakeholders and business objectives are documented at the ecosystem level, spanning the ICT subsystems of each stakeholder. Stakeholders are invited to actively participate in identifying and assessing ICT security risks that may affect their business objectives.

A targeted approach links stakeholder risk ratings to safety and security level requirements for ICT subsystems, components or processes specific to industry ICT systems.

SCSA prescribes a consistent approach to implementing safety and security levels in all implementations of industry ICT systems and provides all the information required for an industry cybersecurity certification program.

Advantages of the SCSA method

Sectoral cybersecurity assessments provide an integrated approach that covers the multifaceted issues presented by complex multi-stakeholder ICT systems, with the following advantages:

The security of sectoral systems requires that all involved stakeholders be kept in sync. SCSA introduces comparability of safety and assurance levels between different systems and system components. SCSA is able to create an open multi-stakeholder ecosystem among competitors, benefiting both suppliers and customers.

An open and transparent approach can mitigate security and authentication costs, and each stakeholder can achieve a good balance of business risks related to ICT security.

Security measures can be concentrated on critical components, optimizing the security architecture of sectoral systems and thereby reducing security costs.

SCSA generates accurate and consistent information on safety and certification level requirements for all relevant ICT subsystems, components or processes.

Suppliers can precisely match their products to customer requirements.

SCSA supports the integration of existing risk management tools and information security management systems (ISMS).

Assurance levels are defined consistently, supporting certificates from other cybersecurity certification programs.

Audience

The SCSA is aimed at those at the expert level, in particular ICT experts, ICT security experts and decision makers responsible for sectoral multi-stakeholder systems, as well as suppliers. Relevant examples include mobile networks/5G, electronic identity (eID), e-health, payments, mobility as a service (MaaS), and automotive.

Next step

Following a successful pilot implementation in the context of 5G, the SCSA will be used for the development of the EU 5G Cybersecurity Candidate Certification Scheme.
