TITLE III – Cybersecurity certification network (Art. 46-65)

Art. 46 CSA - European cybersecurity certification framework

Art. 47 CSA - The Union rolling work programme for European cybersecurity certification

Art. 48 CSA - Request for a European cybersecurity certification scheme

Art. 49 CSA - Preparation, adoption and review of a European cybersecurity certification scheme

Art. 50 CSA - Website on European cybersecurity certification schemes

Art. 51 CSA - Security objectives of European cybersecurity certification schemes

Art. 52 CSA - Assurance levels of European cybersecurity certification schemes

Art. 53 CSA - Conformity self-assessment

Art. 54 CSA - Elements of European cybersecurity certification schemes

Art. 55 CSA - Supplementary cybersecurity information for certified ICT products, ICT services and ICT processes

  1. The manufacturer or provider of certified ICT products, ICT services or ICT processes or of ICT products, ICT services and ICT processes for which an EU statement of conformity has been issued shall make publicly available the following supplementary cybersecurity information:
    1. guidance and recommendations to assist end users with the secure configuration, installation, deployment, operation and maintenance of the ICT products or ICT services;
    2. the period during which security support will be offered to end users, in particular as regards the availability of cybersecurity related updates;
    3. contact information of the manufacturer or provider and accepted methods for receiving vulnerability information from end users and security researchers;
    4. a reference to online repositories listing publicly disclosed vulnerabilities related to the ICT product, ICT service or ICT process and to any relevant cybersecurity advisories.
  2. The information referred to in paragraph 1 shall be available in electronic form and shall remain available and be updated as necessary at least until the expiry of the corresponding European cybersecurity certificate or EU statement of conformity.

Recital 93

European cybersecurity certificates and EU statements of conformity should help end users to make informed choices. Therefore, ICT products, ICT services and ICT processes that have been certified or for which an EU statement of conformity has been issued should be accompanied by structured information that is adapted to the expected technical level of the intended end user. All such information should be available online, and, where appropriate, in physical form. The end user should have access to information regarding the reference number of the certification scheme, the assurance level, the description of the cybersecurity risks associated with the ICT product, ICT service or ICT process, and the issuing authority or body, or should be able to obtain a copy of the European cybersecurity certificate. In addition, the end user should be informed of the cybersecurity support policy, namely for how long the end user can expect to receive cybersecurity updates or patches, of the manufacturer or provider of ICT products, ICT services or ICT processes. Where applicable, guidance on actions or settings that the end user can implement to maintain or increase the cybersecurity of the ICT product or of the ICT service and contact information of a single point of contact to report and receive support in the case of cyberattacks (in addition to automatic reporting) should be provided. That information should be regularly updated and made available on a website providing information on European cybersecurity certification schemes.

Art. 56 CSA - Cybersecurity certification

Art. 57 CSA - National cybersecurity certification schemes and certificates

Art. 58 CSA - National cybersecurity certification authorities

Art. 59 CSA - Peer review

Art. 60 CSA - Conformity assessment bodies

Art. 61 CSA - Notification

Art. 62 CSA - European Cybersecurity Certification Group

Art. 63 CSA - Right to lodge a complaint

Art. 64 CSA - Right to an effective judicial remedy

Art. 65 CSA - Penalties