ENISA Mandate and Regulatory Framework

Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

The Regulation (EU) 2019/881, commonly known at the time of its adoption as the Cybersecurity Act, serves as the ENISA Mandate and Regulatory Framework. It delineates the structure and key responsibilities of ENISA, the European Union Agency for Cybersecurity, while also establishing a cybersecurity certification framework for ICT products, services, and processes throughout the EU. This regulation is a pivotal component of the EU’s strategy to enhance cybersecurity and create a harmonized digital single market.

Structure and Chapters

  1. ENISA’s Mandate: The regulation permanently establishes ENISA, enhancing its role in supporting Member States and EU institutions to improve cybersecurity, serve as a hub for expertise, and reduce market fragmentation. ENISA is tasked with assisting in the development and implementation of EU policies, promoting capacity building, supporting operational cooperation, and raising public awareness about cybersecurity risks.
  2. Cybersecurity Certification Framework: A significant part of the regulation is dedicated to creating a European cybersecurity certification framework. This framework aims to establish common certification schemes across the EU to increase trust in ICT products, services, and processes. These schemes are designed to indicate the security assurance levels (basic, substantial, or high) and aim to unify the certification landscape, replacing national schemes with a coherent EU-wide approach.
  3. Administrative Structure: ENISA operates under a Management Board, an Executive Board, and an Advisory Group, ensuring it functions effectively and aligns with its expanded responsibilities. Additionally, a European Cybersecurity Certification Group (ECCG) is established to assist in the development and application of the cybersecurity certification framework.
  4. Review and Evaluation: The regulation includes provisions for regular assessments of ENISA’s impact and the effectiveness of the certification schemes. The first comprehensive review was scheduled for 2024, and subsequent reviews are to occur every five years.
  5. Repeal of Previous Regulation: The regulation repeals the earlier Regulation (EU) No 526/2013, reflecting the EU’s evolving approach to cybersecurity and the growing importance of a robust and unified response to cyber threats.

The CER Directive represents a significant step forward in the EU’s efforts to safeguard critical infrastructure from a wide range of threats. By establishing clear obligations for both member states and critical entities, the directive aims to create a more resilient and secure environment across the Union.
