Checkliste herunterladenBereiten Sie sich mit unserer Selbsteinschätzung vor

ENISA-Mandat und rechtlicher Rahmen

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for CybersecurityCybersecurity "Cybersicherheit" ist die Cybersicherheit im Sinne von Artikel 2 Nummer 1 der Verordnung (EU) 2019/881; - Definition gemäß Artikel 6 der Richtlinie (EU) 2022/2555 (NIS2-Richtlinie) "Cybersicherheit" bezeichnet die Tätigkeiten, die erforderlich sind, um Netz- und Informationssysteme, die Nutzer solcher Systeme und andere von Cyberbedrohungen betroffene Personen zu schützen; - Definition gemäß Artikel 2 Nummer 1 der Verordnung (EU) 2019/881;) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

The Regulation (EU) 2019/881, commonly known at the time of its adoption as the Cybersecurity Act, serves as the ENISA Mandate and Regulatory Framework. It delineates the structure and key responsibilities of ENISA, the European Union Agency for Cybersecurity, while also establishing a cybersecurity certification framework for ICT products, services, and processes throughout the EU. This regulation is a pivotal component of the EU’s strategy to enhance cybersecurity and create a harmonized digital single market.

Aufbau und wichtige Abschnitte

  1. ENISA’s Mandate: The regulation permanently establishes ENISA, enhancing its role in supporting Member States and EU institutions to improve cybersecurity, serve as a hub for expertise, and reduce market fragmentation. ENISA is tasked with assisting in the development and implementation of EU policies, promoting capacity building, supporting operational cooperation, and raising public awareness about cybersecurity risks.
  2. Cybersecurity Certification Framework: A significant part of the regulation is dedicated to creating a European cybersecurity certification framework. This framework aims to establish common certification schemes across the EU to increase trust in ICT products, services, and processes. These schemes are designed to indicate the security assurance levels (basic, substantial, or high) and aim to unify the certification landscape, replacing national schemes with a coherent EU-wide approach.
  3. Administrative Structure: ENISA operates under a Management Board, an Executive Board, and an Advisory Group, ensuring it functions effectively and aligns with its expanded responsibilities. Additionally, a European Cybersecurity Certification Group (ECCG) is established to assist in the development and application of the cybersecurity certification framework.
  4. Review and Evaluation: The regulation includes provisions for regular assessments of ENISA’s impact and the effectiveness of the certification schemes. The first comprehensive review was scheduled for 2024, and subsequent reviews are to occur every five years.
  5. Repeal of Previous Regulation: The regulation repeals the earlier Regulation (EU) No 526/2013, reflecting the EU’s evolving approach to cybersecurity and the growing importance of a robust and unified response to cyber threats.

The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.

NIS 2 Lieferkette erhalten RisikoRisiko Bezeichnet das Potenzial für Verluste oder Störungen, die durch ein Ereignis verursacht werden, und wird als Kombination aus dem Ausmaß eines solchen Verlusts oder einer solchen Störung und der Wahrscheinlichkeit des Eintretens des Ereignisses ausgedrückt. Definition gemäß Artikel 6 der Richtlinie (EU) 2022/2555 (NIS2-Richtlinie) Checkliste

Laden Sie unsere kostenlose NIS2-Checkliste für Risiken in der Lieferkette herunter, um sicherzustellen, dass Ihr Unternehmen die neuesten Standards für Cybersicherheit mühelos einhält.