Provide Support to OCSI in real certification processes and for the site visit aimed at confirming the status of authorizing member in the European (SOGIS) and international (CCRA) mutual recognition agreements. Regarding the support to Italian NCCA, the project aims to contribute to the definition of the first schemes envisaged in the CSA including the scheme for the certification of security of ICT products, the scheme for automation and industrial control systems (IACS), and for Cloud services.
The project outputs will allow stakeholders of the Italian scheme to carry on in maintaining the benefits of recognition of certificates issued in Italy in international context. Guidelines for facing the emergency of COVID for 2020 will be also provided. Support for the upcoming Italian NCCA will consist in actively contributing to definition and management of the new certification schemes envisaged by the CSA, supervising aspects of interest for Italian stakeholders in the context of certification and for Italians users of certificates.
The project will provide support to the OCSI in facing the Voluntary Periodic Assessment (VPA) aimed at maintaining the status of Certification Body with adequate skills and procedures for the recognition of certificates issued in Italy, in european and international context: the procedures and operating instructions of Italian CB will be reviewed and updated, in respect of the guidelines and recommendations from the working groups in charge of guaranteeing the harmonization of the procedures in international and european contexts. The technical issues that will be raised during the certification processes supervised by OCSI will also be analyzed with the aim of producing operational guidelines for Italian laboratories: this activity includes analyses and support for the development of guidelines to face the COVID19 crisis.
In the context of EU Regulation 881/2019 which defines the new European framework for ICT security certification, support will be provided in the revision of the Regulation and of the Union Rolling Work Programme and in the definition of the Italian NCCA’s operating procedures and methodologies; the ENISA ad hoc working groups in charge of developing the new certification schemes will also be supervised and supported (including, for example, the first scheme, the EUCC, which aims to transpose the European mutual recognition agreement of ICT security product certificates SOGIS in the new framework defined by the CSA, and the scheme dedicated to the certification of cloud services) and the technical communities in charge of developing a proposal for new schemes within the CSA (such as, for example, the scheme for the certification of products adopted in industrial automation control systems, and for the certification of products adopted in 5G networks.