European Commission
The steady rise and sophistication of cyber-attacks in an ever more pervasive digitized economy and life calls for improved assurance of the security capabilities and risk resilience of products, services and process supporting the digitization. It is why the Commission, with the support of the European Cybersecurity Certification Group (ECCG, consisting of representatives of Member States) and the Stakeholder Cybersecurity Certification Group (SCCG), drafts and publishes the Union Rolling Work Programme (URWP) for cybersecurity certification that identifies strategic priorities for future European cybersecurity certification schemes and lists ICT products, ICT services and ICT processes or categories thereof that could be included in the scope of a certification scheme.
To support and enhance the activities of all actors involved in cybersecurity certification, the Connecting Europe Facility (CEF) program provides funding for an accessible collaboration platform to be deployed. This platform will contribute to build trust among key certification stakeholders, provide data and metrics to support EU cybersecurity policy, and help setting priorities and creating synergies for EU cybersecurity certification schemes. It aims at creating a European hub of information and expertise which fosters interaction among European stakeholders active in cybersecurity certification, such as public authorities, accreditation bodies, manufacturers, service providers and vendors of cybersecurity products, services and processes, open source software developers, end-users and consumers.
Activities foreseen for the platform encompass:
- Analyse, monitor and share relevant information on the supply and demand side of the cybersecurity certification market.
- Facilitate interaction between users and providers of certification solutions, considering the different actors in the chain, by using tools for matchmaking, enhancing certification capabilities, research or feedback mechanisms and surveys.
- Identify modules, components, and further capabilities in the certification value chain for further use and improvement by certification stakeholders, e.g. composability and reuse of guidance, evidence and assurance, by using the platform’s analytic functions or collaboration services.
- Facilitate collaboration among projects relevant to cybersecurity certification, and the exploitation of their results, notably projects supported by EU programmes such as CEF, Digital Europe, Horizon 2020, or Horizon Europe, e.g. by building on the results of those projects (e.g. regarding innovative and dynamic testing) or generating synergies between those projects.
- Build and enhance an environment for interaction (virtual and physical) and knowledge-sharing through tools and innovative approaches in cybersecurity certification, dissemination of newest research results, or discussions on policy and technology updates.
Tenderers are invited to submit their offers and questions for this call through the TED eTendering website.
Background
As a part of its wider efforts to support the Digital services infrastructure ,the Connecting Europe Facility (CEF) programme, established in 2014, aims to support targeted investment for interconnected trans-European networks in the fields of transport, energy and digital services. Under CEF Telecom (alternatively known as CEF Digital) €1.04 billion is earmarked for trans-European digital services over the period 2014-2020.
Regulation (EU 1316/2013) established CEF and sets out the implementing arrangements for the programme. Regulation (EU 283/2014), known as CEF Telecom Guidelines, sets out specific objectives and priorities for funding projects of common interest on broadband and on Digital Service Infrastructures (DSI). DSIs are comprised of Core Service Platforms (CSPs) and Generic Services (GS). CSPs address interoperability and security needs, through enabling digital interactions between public authorities and citizens, between public authorities and businesses and organisations, or between public authorities of different Member States on a standardised, cross-border and user-friendly basis. GS are gateway services linking one or more national infrastructure(s) to CSPs. Both the development of CSP and GS are supported through actions specified in annual work programmes endorsed by the CEF Programme Committee.