23-25 March, 2027 | Steigenberger Wiltcher's, Brussels

New European Standard—Does a Cybersecurity Certification Scheme Fit into the Framework? (S13a)

26 Mar 2025
3:20 pm

New European Standard—Does a Cybersecurity Certification Scheme Fit into the Framework? (S13a)

A new European standard, EN 18037, “Guidelines on Sectoral Cybersecurity Assessment,” presents a practical approach to creating cybersecurity certification within the framework introduced in the Cybersecurity Act. The methodology ensures consistency in the implementation of assurance levels, which can be achieved across schemes. By introducing a common concept for security levels, it facilitates the definition of controls that can be commonly used. These two fundamental principles, implemented consistently, allow certificates issued by one scheme to be reused in other schemes. The methodology supports the identification of risks associated with the intended use of ICT systems, ICT services, and ICT processes at any level of the sectoral ICT system architecture. Sectoral stakeholder organizations can balance their view of risks against the investment needed to mitigate these risks by introducing appropriate levels of security and assurance. This transparent, cooperative approach is expected to contribute significantly to market acceptance for these requirements and the cybersecurity certification schemes developed on this basis.