2019/881 - Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)
General Information
Frequently Asked Questions
An EU Regulation is a binding legislative act that must be applied in its entirety across the European Union. Unlike directives, regulations do not need to be transposed into national law and are directly applicable in all member states. Regulations are used when uniform application across all EU countries is essential.
Regulation 2019/881 covers "Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance)". There are 8 standards associated with this regulation.
Harmonized standards under 2019/881 are European standards (ENs) developed by CEN, CENELEC, or ETSI in response to a mandate from the European Commission. When these standards are cited in the Official Journal of the European Union, products manufactured in conformity with them benefit from a presumption of conformity with the essential requirements of 2019/881, facilitating CE marking and free movement within the European Economic Area.
This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.
- Technical specification45 pagesEnglish languagee-Library read for1 day
This document contains guidelines to be used in the process of drafting requirements of cybersecurity certification schemes for sectoral ICT services and systems. It includes all steps necessary to define, implement and maintain such requirements.
- Standard65 pagesEnglish languagee-Library read for1 day
This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.
- Technical specification45 pagesEnglish languagee-Library read for1 day
This document contains guidelines to be used in the process of drafting requirements of cybersecurity certification schemes for sectoral ICT services and systems. It includes all steps necessary to define, implement and maintain such requirements.
- Standard65 pagesEnglish languagee-Library read for1 day
This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations
- Technical specification180 pagesEnglish languagee-Library read for1 day
This Technical Specification (TS) provides a set of cybersecurity requirements for cloud services.
This TS is applicable to organizations providing cloud services and their subservice organizations
- Technical specification180 pagesEnglish languagee-Library read for1 day
This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.
- Standard101 pagesEnglish languagee-Library read for1 day
This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.
- Standard101 pagesEnglish languagee-Library read for1 day