One of the key elements in establishing a European ICT security certification framework is the role of cybersecurity standards and their application in the market. Because cybersecurity standards play an important role in security certification and, more generally, in the security of ICT infrastructures, an analysis is needed of the current status of cybersecurity standards, their role, and their effectiveness in supporting the cybersecurity market and the European cybersecurity industry.
For this purpose, the cybersecurity expert Scott Cadzow was requested to provide an analysis of the role and the current status of cybersecurity standards, which could support the European cybersecurity industry. The outcome of the analysis, finalised in February 2017, was to provide potential recommendations to improve the process of production and application of cybersecurity standards in Europe. JRC complemented this analysis with additional considerations on the parallel effort performed by organisations like ECSO and ENISA and the link to the European ICT security certification framework.
This report does not aim to provide a detailed view of cybersecurity standards in Europe. A number of reports by ECSO, ENISA and ETSI have recently addressed this task, and this report refers to them for additional details on the current cybersecurity standards. The present report provides complementary considerations and recommendations on how to potentially support the European cybersecurity industry through standardisation work.