- Certification Stakeholders
- CAB
- NCCA
What's in for Conformity Assessment Bodies (CABs)?
The European Union is preparing cybersecurity certification schemes to harmonise both the security requirements for ICT solutions and the way to assess them. One scheme has already been adopted and it is time for cybersecurity assessment bodies to learn about EU Cyber Certification.
These schemes represent a business opportunity for Conformity Assessment Bodies (CABs), as they will be able to offer a range of different certifications in the cybersecurity domain.
In addition, CABs will be able to develop and offer new combined assessment tools and new professional services related to the new schemes.
Steps to Becoming a CAB
CABs can work in EU certification schemes in 2 different ways: as evaluators (by auditing/testing) and/or as certifiers.
They need to meet certain requirements before becoming eligible to perform such activities:
- Become Accredited
In order to evaluate and certify in accordance with EU certification schemes, CABs will have to be accredited by their National Accreditation Body.
- Contact your NCCA
Once accredited for a European cybersecurity certification scheme, the National Cybersecurity Certification Authority (NCCA) needs to notify the Commission of their accreditation.
- Certify at Level High?
If a CAB wants to become eligible to certify an ICT solution under the assurance level “high”, it may need to meet additional requirements.
The procedure to meet these requirements is performed by the NCCA and is called “authorisation”. This “authorisation” needs to be notified as well to the Commission.