The European Union Agency for Cybersecurity received earlier this year the request from the European Commission to prepare a new candidate certification scheme on 5G. The call launched today is intended to set up an ad hoc working group on 5G cybersecurity certification meant to support the Agency for the purpose of preparing the new EU 5G certification scheme.
What are the specific requirements of the call?
The call for expression of interest will establish an ad hoc working group (AHWG) to support the preparation of the EU 5G scheme, and is intended to:
- meet the CSA requirements, ensuring consistency with other schemes of the EU cybersecurity certification framework and is expected to explore the possibility to re-use the EU Common Criteria and EU Cloud Services schemes or parts thereof;
- fit seamlessly with the suite of solutions for 5G security created by the NIS cooperation group (EU coordinated risk assessment, 5G threat landscape and the5G toolbox).
How does the call fit into the preparation programme of the EU 5G scheme?
The programme for the preparation of the EU 5G scheme consists of 2 phases.
Phase one intends to achieve the “as-is” translation of elements composing existing schemes into their EU equivalents. Phase two foresees the adding of enhancements and improvements designed to meet the EU cybersecurity requirements, which will eventually lead to the final drafting of the certification scheme.
This call concerns phase 1 with the option to either extend phase 1 or launch a new call for phase 2 of the AHWG. The decision on phase 2 will largely be defined by the results of the gap analysis, to be concluded at the end of phase 1.
In phase 1, the work of the AHWG will be subdivided into 3 work streams focusing on:
- “As-is” translation of existing scheme elements into an EU-equivalent of the GSMA NESAS scheme
- “As-is” translation of existing scheme elements into an EU-equivalent of the GSMA SAS-SM and SAS-UP schemes and GSMA’s eUICC certification scheme
- Risk-based definition of security and certification requirements for components that support the before mentioned use cases and gap analysis
Each work stream requires different skillsets, competences and expertise of individual 5G stakeholder representations.
Terms of reference
Deadline for applications
The call will remain open until 7h July 2021 at 12:00 EET (Athens time zone).
Adopted in 2019, the Cybersecurity Act established the European Cybersecurity Certification Framework that allows creating market-driven EU certification schemes and helps reduce fragmentation between existing cyber certification schemes. This framework will deliver certification schemes recognised in all Member States, making it easier for businesses to trade across borders and for users to understand the security features of the product or service. More information on the EU’s actions including for the 5G toolbox, is available on this page.
For press questions and interviews, please contact press (at) enisa.europa.eu
Stay updated – subscribe to RSS feeds of both ENISA news items & press releases!