iTeh Standards logo
EURUSD
Your shopping cart is empty.
CEN

CEN/CLC/JTC 13/WG 3 - Security evaluation and assessment

Security evaluation and assessment

General Information

Status
Active
Work Field
Information technology
Parent
CEN/CLC/TC 13 - Cybersecurity and Data Protection

Frequently Asked Questions

CEN/CLC/JTC 13/WG 3 is a Working Group within the European Committee for Standardization (CEN). It is named "Security evaluation and assessment". This committee has published 3 standards.

CEN/CLC/JTC 13/WG 3 develops CEN standards in the area of Information technology. Currently, there are 3 published standards from this working group.

The European Committee for Standardization (CEN) is a public standards organization that brings together the national standardization bodies of 34 European countries. CEN provides a platform for developing European Standards (ENs) and other technical documents in relation to various products, materials, services, and processes, supporting the European Single Market.

A Working Group in CEN is a specialized group responsible for developing standards or technical work within a defined scope. These bodies bring together international experts to create consensus-based standards that support global trade, safety, and interoperability.

Standardization Organization
ICS
Directive
Mandate
50
CEN
CEN/CLC/TS 18072:2025(Main)
Requirements for Conformity Assessment Bodies certifying Cloud Services
SIST-TS CEN/CLC/TS 18072:2025

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services
This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs.

  • Technical specification
    45 pages
    English language
    e-Library read for
    1 day
CEN
EN 17927:2023(Main)
Security Evaluation Standard for IoT Platforms (SESIP). An effective methodology for applying cybersecurity assessment and re-use for connected products.
SIST EN 17927:2024

This document describes a cybersecurity evaluation methodology, named SESIP, for components of connected ICT products. Security claims in SESIP are made based on the security services offered by those components. Components can be in hardware and software. SESIP aims to support comparability between and reuse of independent security evaluations. SESIP provides a common set of requirements for the security functionality of components which apply to the foundational components of devices that are not application specific. The methodology describes the re-use of evaluation results.

  • Standard
    101 pages
    English language
    e-Library read for
    1 day
CEN
EN 17640:2022/prA1(Amendment)
Fixed-time cybersecurity evaluation methodology for ICT products
SIST EN 17640:2023/oprA1:2025

The scope of EN 17640 remains unchanged, adding the content of composition within:
This document describes a cybersecurity evaluation methodology that can be implemented using pre-defined time and workload
resources, for ICT products. It is intended to be applicable for all three assurance levels defined in the CSA (i.e. basic, substantial and
high).
The methodology is comprised of different evaluation blocks including assessment activities that comply with the evaluation
requirements of the CSA for the mentioned three assurance levels. Where appropriate, it can be applied both to 3rd party evaluation
and self-assessment.

  • Draft
    11 pages
    English language
    e-Library read for
    1 day
50