News
07.03.2025
Cybersecurity Certification Week
Cybersecurity Certification Week (CCW) will be held in Warsaw from March 10-14 under the patronage of ENISA, the EU Cybersecurity Agency.
This is the next edition of the annual conference, organized this time in Warsaw with the support of the Polish Presidency and the European Commission.
The conference will mark the first anniversary of the publication of the European Cybersecurity Certification Program based on the Common Citeria (EUCC), as well as discuss the following topics:
This is the next edition of the annual conference, organized this time in Warsaw with the support of the Polish Presidency and the European Commission.
The conference will mark the first anniversary of the publication of the European Cybersecurity Certification Program based on the Common Citeria (EUCC), as well as discuss the following topics:
- eIDAS and EUDI portfolio cyber security certification;
- Interactions with other EU regulations: CRA (Cyber Resilience Act), EU Cyber Solidarity Act, NIS Directive 2;
- EUCC implementation challenges;
- Risk management through EU cybersecurity certification.
Cyber Security Certification Week includes the following meetings:
A meeting of the ECCG (European Cybersecurity Certification Group), a permanent group of cybersecurity certification experts from member states, established by national cybersecurity certification authorities. The ECCG advises the Commission on the planning of certification programs, reviews candidate programs, issues opinions and assists the Commission in implementing these programs.
ECCG subgroups – ECCG (European Cybersecurity Certfication Group) subgroups deal with specialized topics arising from certification programs or the Cybersecurity Act. They are composed of experts from member states. The current subgroups deal with the maintenance of the EUCC program.
Ad hoc ENISA groups – ENISA (European Union Cybersecurity Agency) consisting of external experts (usually representatives of member states and the private sector) to address a specific issue (e.g., preparation of a candidate program) or to support ENISA in a specific task (e.g., promotion of certification or market research).
A meeting of the ECCG (European Cybersecurity Certification Group), a permanent group of cybersecurity certification experts from member states, established by national cybersecurity certification authorities. The ECCG advises the Commission on the planning of certification programs, reviews candidate programs, issues opinions and assists the Commission in implementing these programs.
ECCG subgroups – ECCG (European Cybersecurity Certfication Group) subgroups deal with specialized topics arising from certification programs or the Cybersecurity Act. They are composed of experts from member states. The current subgroups deal with the maintenance of the EUCC program.
Ad hoc ENISA groups – ENISA (European Union Cybersecurity Agency) consisting of external experts (usually representatives of member states and the private sector) to address a specific issue (e.g., preparation of a candidate program) or to support ENISA in a specific task (e.g., promotion of certification or market research).
23.10.2024
Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements, amending Regulations (EU) 168/2013 and (EU) 2019/1020, and Directive (EU) 2020/1828 (Cyber Resilience Act), has been published in the Official Journal of the European Union. The CRA regulation will be applied as of 11 December 2027. The regulation will apply directly in all EU countries.
The Cyber Resilience Act (CRA) describes the cybersecurity requirements for hardware and software with digital components marketed in the European Union. Digital hardware and software are one of the main avenues for successful cyberattacks. In a connected environment, a cybersecurity incident in one product can affect an entire organization or supply chain, often spreading beyond the borders of the internal market within minutes. Product cybersecurity has a particularly strong cross-border dimension, as products manufactured in one country are often used by organizations and consumers throughout the internal market.
The regulation establishes a uniform legal framework to ensure that hardware and software are designed, developed, and maintained with robust cybersecurity measures throughout their life cycle. The CRA requires manufacturers to comply with basic cybersecurity requirements, conduct risk assessments, and ensure security updates, thus supporting a safer digital environment across the EU.
13.08.2024
NIST published three new FIPS standards on Post-Quantum Cryptography:
21.05.2024
At the headquarters of NASK, two certificates for SimplySign and BiocertiX products were officially awarded.
The event was attended by representatives from Asseco Data Systems, Xtension, Samsung Electronics Polska, as well as from ITSEF and the Certification Body.
17.04.2024
Our CB Manager, Mr. Paweł Kostkiewicz, took part in an interesting debate on the cybersecurity of AI-based technologies, which was organized as part of the Secure 2024 conference..