欧盟托管安全服务认证计划 - Vicente Gonzalez PedrosENISA.pdf

1、EU CERTIFICATION SCHEME ON MANAGED SECURITY SERVICESVicente Gonzalez PedrosCybersecurity Certification Unit ENISA 2026/04/15 EUMSS SchemeEUMSS Overview and way forward2EC request for an EU MSS certification schemeKey elementsRequest focuses on Managed Security Services(MSS)building on amendment of C

2、SA Regulation(EU)2025/37Request received on 25/04/2025Request shared with ECCG on 30/04/2025Request in line with URWPSignificant to operationalization of CSoA that came into force on 04/02/2025Trusted MSSPs have to be certified in accordance with EUMSS,2 years after scheme is in placeNational scheme

3、s already in place;risk of fragmentationEUMSS Overview and way forward3SCOPE AND STRUCTURE OF EUMSS CERTIFICATIONHorizontal service baseline requirementsPentestingVerticalManaged SOCVerticalHighSubstantialBasicVoluntary EU MSS certificationIncident Management LifecycleIncident Response Service Profi

4、le4Common baseline requirements;not a stand-alone certification but a prerequisite for everyvertical pillar.Objectives=ensure secure-by-design delivery,seamless client integration,resilience to disruption,and robust lifecycle management.Commission Request to ENISA for a cybersecurity certification s

5、cheme on EU MSSHorizontal Layer Vertical Layer Annexes to the horizontal layer that add MSS-specifictechnicalrequirementsperservicedomain.Scope=IncidentManagement-fulllifecycle(identification/detection,response,recovery,post-incident review),with requirements for reporting,escalation,stakeholder coo

6、rdination,and continuousimprovement Objectives=Provide precise criteria tailored to eachMSS characteristics and risk profile;certificationlabels are MSS-specific.EU CERTIFICATION SCHEME ON MANAGED SECURITY SERVICES5EUMSS AHWGThe AHWG drew on a pool of 200+applicants to appoint outstanding,senior-lev