Methodology For Sectoral Cybersecurity Assessments
Cybersecurity certification under the European Union Cybersecurity Act (CSA) is intended to increase trust and security for European consumers and businesses and help to achieve a genuine digital single market. This requires that all relevant levels of the ICT market, from sectoral ICT services and systems via ICT infrastructures to ICT products and ICT processes, will be addressed and that the related cybersecurity certification schemes are well accepted by the market.
The CSA stipulates specific requirements, which target efficiency and coherence between schemes of the CSA’s cybersecurity certification framework. The methodology for sectoral cybersecurity assessments described in this document (hereinafter called SCSA Methodology) addresses these objectives in the context of drafting sectoral cybersecurity certification schemes, which address ICT services in individual market sectors. It is designed to be used as a preparatory step for the definition of a candidate scheme involving sectoral stakeholders.