DEFINITION:
Security Framework ABB is a Business Object protecting various aspects on data, information and knowledge assets and the organizational resources handling them.
Source: ISA2, EIFv2 (https://ec.europa.eu/isa2/isa2_en)
INTEROPERABILITY SALIENCY:
IoP Dimension: Governance IoP
The Security Framework ABB is salient for interoperability because "security and privacy are primary concerns in the provision of public services" (EIF) and, as stated in EIF Recommendation 15: "Define a common security and privacy framework and establish processes for public services to ensure secure and trustworthy data exchange between public administrations and in interactions with citizens and businesses."
EXAMPLES:
The following implementation is an example on how this specific Architecture Building Block (ABB) can be instantiated as a Solution Building Block (SBB):
The EU cybersecurity certification framework
The European Commission puts forward the creation of a EU certification framework for ICT security products in its 2017 proposal for a regulation.
On 13 September 2017 the Commission issued a proposal for a regulation on ENISA, the ""EU Cybersecurity Agency"", and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'').
Certification plays a critical role in increasing trust and security in products and services that are crucial for the digital single market. At the moment, a number of different security certification schemes for ICT products exist in the EU. Without a common framework for EU-wide valid cybersecurity certificates, there is an increasing risk of fragmentation and barriers in the single market.
The proposed certification framework will provide EU-wide certification schemes as a comprehensive set of rules, technical requirements, standards and procedures. This will be based on agreement at EU level for the evaluation of the security properties of a specific ICT-based product or service e.g. smart cards.
The certification will attest that ICT products and services that have been certified in accordance with such a scheme comply with specified cybersecurity requirements. The resulting certificate will be recognized in all Member States, making it easier for businesses to trade across borders and for purchasers to understand the security features of the product or service.
The schemes proposed in the future European framework will rely as much as possible on international standards as a way to avoid creating trade barriers and ensuring coherence with international initiatives."
Source:
(https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-certification-framework)
|
|
ID | ABB223 |
dct:type | eira:SecurityFramework |
dct:publisher | |
dct:modified | |
eira:view | Organisational view |