50 ENAC-accredited services deliver confidence and reliability to cybersecurity
On World Telecommunication and Information Society Day (WTISD), celebrated every 17 May, the International Telecommunication Union calls for necessary measures to prevent and reduce information technology dangers, including spreading misinformation and exploiting personal data. Thereby, assessment and control activities help to guarantee the safety, functionality and operability of communication equipment and systems; information security, confidentiality, integrity, and availability; and user protection. However, the value that these assessments can bring to companies depends on the good work and competence of the bodies carrying them out. The Spanish market now has more than 50 bodies accredited by ENAC, who have demonstrated their technical competence to assess products and services related to information security.
In the cybersecurity field, a priority objective in most European governments' agendas is EU Regulation 2019/881, better known as the "Cybersecurity Act". It aims to strengthen the fight against threats and attacks in cybersecurity matters and gives accreditation a central role. It defines a European cybersecurity certification framework aimed at creating a digital single market for ICT products, services, and processes where it only contemplates the option of accredited certification, regardless of which certification body will operate it.
At the national level, the National Security Scheme (Esquema Nacional de Seguridad, ENS) establishes the basic principles and minimum requirements, as well as the protection measures to be implemented in the Public Administration systems and is also applicable to private sector operators that provide services or solutions to public bodies. To give the best guarantees, it was established that the certifying bodies were required to be accredited by ENAC to be able to act within this scheme's framework.
Moreover, security testing accreditation and information technology product and system certifications in accordance with standards such as the Common Criteria or Lince enables the assessment of how well an ICT product treats information securely. In addition, EU Regulation No 910/2014, eIDAS, for electronic identification and trusted services for electronic transactions in the internal market, has established accreditation to ensure the technical competence, operability, and impartiality of bodies that audit and certify providers of electronic identification services.
Accreditation News is published quarterly and sent to organizations and to people who have asked to be included on its mailing list.
Would you like to receive a free copy of Accreditation News? Subscribe here.