Télécharger la liste de contrôlePréparez-vous avec notre auto-évaluation

Mandat et cadre réglementaire de l'ENISA

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for CybersécuritéCybersécurité "cybersécurité", la cybersécurité telle que définie à l'article 2, point 1), du règlement (UE) 2019/881 ; - Définition selon l'article 6 de la directive (UE) 2022/2555 (directive NIS2) "cybersécurité" : les activités nécessaires pour protéger les réseaux et les systèmes d'information, les utilisateurs de ces systèmes et les autres personnes concernées par les cybermenaces ; - Définition selon l'article 2, point 1), du règlement (UE) 2019/881 ;) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

The Regulation (EU) 2019/881, commonly known at the time of its adoption as the Cybersecurity Act, serves as the ENISA Mandate and Regulatory Framework. It delineates the structure and key responsibilities of ENISA, the European Union Agency for Cybersecurity, while also establishing a cybersecurity certification framework for ICT products, services, and processes throughout the EU. This regulation is a pivotal component of the EU’s strategy to enhance cybersecurity and create a harmonized digital single market.

Structure et sections clés

  1. ENISA’s Mandate: The regulation permanently establishes ENISA, enhancing its role in supporting Member States and EU institutions to improve cybersecurity, serve as a hub for expertise, and reduce market fragmentation. ENISA is tasked with assisting in the development and implementation of EU policies, promoting capacity building, supporting operational cooperation, and raising public awareness about cybersecurity risks.
  2. Cybersecurity Certification Framework: A significant part of the regulation is dedicated to creating a European cybersecurity certification framework. This framework aims to establish common certification schemes across the EU to increase trust in ICT products, services, and processes. These schemes are designed to indicate the security assurance levels (basic, substantial, or high) and aim to unify the certification landscape, replacing national schemes with a coherent EU-wide approach.
  3. Administrative Structure: ENISA operates under a Management Board, an Executive Board, and an Advisory Group, ensuring it functions effectively and aligns with its expanded responsibilities. Additionally, a European Cybersecurity Certification Group (ECCG) is established to assist in the development and application of the cybersecurity certification framework.
  4. Review and Evaluation: The regulation includes provisions for regular assessments of ENISA’s impact and the effectiveness of the certification schemes. The first comprehensive review was scheduled for 2024, and subsequent reviews are to occur every five years.
  5. Repeal of Previous Regulation: The regulation repeals the earlier Regulation (EU) No 526/2013, reflecting the EU’s evolving approach to cybersecurity and the growing importance of a robust and unified response to cyber threats.

The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.

Obtenir le NIS 2 Chaîne d'approvisionnement RisqueRisque désigne le potentiel de perte ou de perturbation causé par un incident et doit être exprimé comme une combinaison de l'ampleur de cette perte ou de cette perturbation et de la probabilité d'occurrence de l'incident. Définition selon l'article 6 de la directive (UE) 2022/2555 (directive NIS2) Liste de contrôle

Téléchargez gratuitement notre liste de contrôle des risques de la chaîne d'approvisionnement NIS2 pour vous assurer que votre organisation respecte les dernières normes de conformité en matière de cybersécurité sans effort.