Comparing National Lightweight Methodologies Around Europe
Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes, is already a reality throughout Europe. Currently they are being used mainly by national administrations, but their applicability to the consumer market is undeniable. In the meantime, manufacturers are being forced to certify their products under the schemes of each country, which means an increase in cost, an inconvenience to competitiveness and a betrayal of the principles of the European Union. It is necessary that what is already working in practice achieves an agreement at European level that allows the mutual recognition of the certifications issued under the different member states.
This presentation will cover a comparison study carried out between the different national methodologies: CPSN, BSPA and LINCE. (BSZ will be included in the study if it is available). This study will be used as an input for the future European lightweight methodology lead by JTC13 WG3. This study will focus on the different aspects of each methodology focusing on the technical details. This presentation will show the different approaches taken by each member state to address lightweight product cybersecurity certification, highlighting the pros and cons of each one and providing at a glance how things are being done in the different schemes.