In December an agreement was reached for the European regulation called the “Cybersecurity act“.
This regulation is important because:
- entrusts ENISA with a more operational role, in particular as regards incident management
- introduces the European certification scheme for IT products and services
On this topic, I point out this article entitled Cybersecurity Act, ecco cosa ci aspetta dopo la Direttiva NIS
Today some are in force, but based on different schemes; in particular in Italy the common criteria are used (ISO / IEC 15408), while in other countries other requirements have been introduced.
It would be interesting to have conducted an analysis on these schemes.
Alessandro Siani IT Governance & Management Specialist 