Details
- Part of collection
- Publication date: 17 July 2024
- Author: European Union Agency for Cybersecurity
- Type of Documents: Guidelines
- Certification Schemes
- Certification Stakeholders: CAB
Description
These guidelines [initially established as a state-of-the-art document as explained under recital 18 of Commission Implementing Regulation (EU) 2024/482 (hereinafter referred to as EUCC), and transformed into guidance upon request of the ECCG] are a supporting document for the authorisation of certification bodies (CBs) and Information Technology Security Evaluation Facilities (ITSEFs).
Regulation (EU) 2019/881 (hereinafter referred to as the EU Cybersecurity Act, CSA) foresees, under Article 60 (3), the possibility that a cybersecurity certification scheme may include additional or specific requirements that a conformity assessment body (CAB) needs to meet to guarantee its technical competence to evaluate the cybersecurity requirements of that specific scheme, as defined under Article 54 (1) (f) CSA.
The national cybersecurity certification authority (NCCA, the monitoring and supervising body) is tasked with performing this assessment; a positive result leads to the ‘authorisation’ of the CAB.
