ENISA, the EU Agency for Network and Information Security, published an overview of practices of ICT certification laboratories.
This study seeks to identify and analyze the current landscape of ICT security certification laboratories in EU Member States, comparing them also with third countries practices. The findings of this study constitute the basis for the Agency’s proposal towards an EU wide ICT products and services certification framework. It also provides an overview about laboratories in the field of cybersecurity, the applicable standards and requirements for the accreditation of laboratories and the role of EA.
In the European Union, accreditation is performed by national accreditation bodies (NABs) appointed by governments as required by Regulation (EC) 765/2008. This Regulation appointed EA to manage the European accreditation infrastructure following its adoption by the European Parliament and the European Council on 9 July 2008 to establish a legal framework for accreditation in the EU member states.
Accreditation provides the attestation that accredited bodies offering testing, examination, calibration, certification, inspection and verification services have the technical competence and impartiality to check the conformity of products and services with the relevant national. By relying on accredited results, regulators and governments obtain a third party, independent and competent evaluation, to support sound decisions in regulation, public procurement or delivery of products and services onto the market.
EA and its members will continue to provide information about accreditation and the European Accreditation Infrastructure to support the preparation of the EU Cybersecurity Certification Framework.