SPI-SICUR2

To provide support to the OCSI in certification processes and for the site visit, aimed at confirming the status of authorizing members in the European (SOGIS) and international (CCRA) mutual recognition agreements. With regard to the support to the Italian NCCA, the project aims to contribute to the definition of the initial schemes planned by the CSA, including a scheme for the certification of security of ICT products, a scheme for automation and industrial control systems (IACS), and for Cloud services.

The project’s outputs will enable stakeholders of the Italian scheme to continue to maintain the benefits from the recognition of certificates issued in Italy in an international context. Guidelines will also be issued on dealing with the COVID emergency of 2021. Support for the upcoming Italian NCCA will consist of actively contributing to the definition and management of the new certification schemes planned by the CSA, supervising aspects of interest to Italian stakeholders in the context of certification and Italian users of certificates.

The project will provide support to the OCSI in dealing with the Voluntary Periodic Assessment (VPA) aimed at maintaining the status of Certification Body, with adequate skills and procedures for the recognition of certificates issued in Italy, in the European and international context. The procedures and operating instructions of Italian CB will be reviewed and updated, in accordance with the guidelines and recommendations of the working groups responsible for guaranteeing the harmonization of the procedures in international and European contexts. The technical issues that will be raised during the certification processes supervised by OCSI will also be analyzed, with the aim of producing operational guidelines for Italian laboratories. This activity includes analyses and support for the development of guidelines to deal with the COVID19 crisis.

In the context of EU Regulation 881/2019, which defines the new European framework for ICT security certification, support will be provided for the revision of the Regulation and the Union Rolling Work Programme and in defining the Italian NCCA’s operating procedures and methodologies. The ENISA ad hoc working groups in charge of developing the new certification schemes will also be supervised and supported (including, for example, the first scheme, the EUCC, which aims to incorporate the European mutual recognition agreement of ICT security product certificates, SOGIS, within the new framework defined by the CSA, and the scheme dedicated to the certification of Cloud services), along with the technical communities in charge of developing a proposal for new schemes within the CSA (such as, for example, the scheme for the certification of products adopted in industrial automation control systems, and for the certification of products adopted in 5G networks).