
10 Things You Should Know About Software Cybersecurity Certification

· Compliance and Regulations

The global cybersecurity market was valued at $167.13 billion in 2020 and is predicted to expand by 10% annually until 2028. The market's growth can be attributed to the alarming increase in the frequency and sophistication of cyberattacks in recent years. The need to counter this cybercriminal activity with advanced cybersecurity measures brings with it a demand for better frameworks, processes, and techniques.

In 2019, the European Cyber Security Act (CSA) was adopted, establishing a cybersecurity certification framework for all “critical infrastructure” sectors, including software development and IT outsourcing services. However, while the framework has benefits such as increasing transparency and trust for end-users, certification bodies, manufacturers, and software providers face particular challenges that keep them from fully embracing and implementing the new terms. Here are ten challenges you should know about software cybersecurity certification:

  1. There are different assurance levels for certification defined by the new European Union (EU) cybersecurity regulation CSA that certification bodies and manufacturers must consider when certifying their systems.
  2. Certain factors impact the certification of the system and its components during its lifecycle, including software updates and design principles that deal with the inter-relationships of its components.
  3. Cybersecurity certification practitioners, software manufacturers, and software providers must pay attention to software updates and software composability, as these aspects define the relationship between different certification levels.
  4. For organizations to allow software providers to maintain control of systems, they must develop and follow coordinated vulnerability disclosure (CVD) procedures. 
  5. Because a single Information and Communication Technology (ICT) system comprises various components and subsystems, each additional software module will need to be certified in composition (when applicable), using specific assurance levels and certification schemes.
  6. New certification processes or recertification may be required when certain modules are not valid for the system's composition, such as specific hardware or operating systems.  
  7. Automated and lightweight techniques should be used in the recertification processes to reduce the reluctance of manufacturers and software providers to update their systems regularly due to time and costs. 
  8. The CSA promotes using a repository of vulnerabilities to foster trust in ICT systems, mitigate attacks, promote cooperation and collaboration among stakeholders, and bridge the gap between the software sector and certification bodies. 
  9. The CVD framework supports the vulnerability disclosure process, which encourages manufacturers and software providers to report and publish vulnerabilities and testing processes. The program aims to increase transparency for end-users, share cybersecurity information, expose threat models, and align software development. 
  10. Emerging technologies and platforms, including blockchain, AI, 5G systems, and quantum computing, are being considered to help align the cybersecurity certification process and software development activities.  

While the CSA aims to create a unified framework that aligns cybersecurity certification, manufacturers, and software developers while increasing end-user trust, some hesitation remains. Because the Act is intended to benefit all stakeholders, raising awareness of these factors is key to fostering adoption.

If you wish to learn more about cybersecurity certification, we encourage you to reach out to specialized experts in the domain and follow training adapted to your profile and business.
