当前位置:首页 > 报告详情

4-2 Vetillard.pdf

上传人: 拾亿 编号:1171085 2026-03-21 6页 268.64KB

1、Eric Vetillard,Ph.D.Lead Certification Expert,CCU,ENISAChair,EUDIW AHWG24092025CERTIFICATION OF THE EUDI WALLETA QUICK STATUS2Certification of the EUDI Wallet Trust Services Forum,September 2025Go for the low-hanging fruitsPrivilege topics reusable in national schemesCollaborate with all stakeholder

2、sOperating principles3INITIAL FOCUS ON FOUR TOPICSStandardisation gapsWe are looking at the ongoing standardisation efforts and analysing the gaps related to the security.Gap analysis is available,now deep-diving into the security requirements to refine the gaps.Object of certificationThe object of

3、certification“EUDI Wallet and the eID scheme under which it is provided”is very wide,so we worked on thatSecure apps,mobile and Web aps,IT systems,ISMS,processes,etc.Assessment of componentsEvery component of the object of certification needs to be assessed.EUCC,FitCEM,FR MIE,MASA,ISO 27001,etc.Main

4、 scheme and moreThis includes the key questions about a scheme,as well as the global evaluation activities.Certification lfecycle,monitoring and compliance,etc.Vulnerability assessment,risk assessment,evidence assessment,etc.Certification of the EUDI Wallet Trust Services Forum,September 20254NEXT R

5、OUND OF QUESTIONSConcepts and terminologyOur first work identified some items to be clarified,where interpretations sometimes differ:What is a WSCA around a remote HSM?Wallet instance vs.Wallet mobile app.Certifying key componentsThis is mostly about putting together evaluation methods and security

6、requirements,and seeing what happensCertifying the EUDI Wallet maintenance processesCertifying the security of a mobile applicationKey open questionsThere remain some essential questions on scoping or which no clear response has emergedDealing with components

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
客服
商务合作
小程序
服务号
折叠