7. Certification

Institutional, professional, and product conformity assessment, accreditation, and certification offer consumers an independent and impartial confirmation that a product or service complies with, or fulfils, the requirements and characteristics described in a standard or published technical specification. Conformance to requirements, which can include performance, safety, efficiency, effectiveness, reliability, durability, or environmental impact, is verified through testing and/or inspection.

Figure 5: Role of standards in certification (source: ENISA)

The IECEE cyber security certification programme tests and certifies the cybersecurity of products and systems in the electrotechnical sphere, based on the applicable IEC Standards. The programme is applicable to any sector with critical infrastructure, including medical, utility, and automotive.

Resources:

Regulation (EU) 2019/881 (the Cybersecurity Act) establishes the European cybersecurity certification framework.

The framework’s objective is to ensure an adequate level of cybersecurity for ICT products, services and processes, and to ensure consistency among cybersecurity certification schemes in the EU. A cybersecurity certification scheme is a comprehensive set of rules, technical requirements, standards, and procedures that apply to the certification or conformity assessment of specific ICT products, services or processes.

In France, certification is based on evaluations conducted in accordance with ANSSI specifications or standards by Information Technology Security Evaluation Facilities (ITSEF), which are licensed by the French Prime Minister and accredited by the French accreditation committee (COFRAC) according to the standard EN ISO/CEI 17025.

Access to the internet is via consumer devices. The IEEE Conformity Assessment Program (ICAP) develops and implements programs that couple standards development activities with conformity assessment activities to help accelerate market adoption while reducing implementation costs. Consumers, manufacturers, service providers, value-added resellers, and businesses expect product reliability, efficiency, security, and interoperability.

Professionals can receive certification by taking courses offered by organisations certified against ISO/IEC 17024:2021. Certified courses provide the benefits of confidence, mutual recognition, and the global exchange of personnel. The International Information System Security Certification Consortium, Inc. (ISC)² offers various information security certifications, including Certified Information Systems Security Professional (CISSP) for leaders with an understanding of cybersecurity strategy and operations. Professional certification can also be obtained through ISACA and CompTIA.

In cyber incident management, CSIRTs participate in and maintain a team’s accreditation and certification status within the Trusted Introducer (TI) community, which is a prerequisite to membership in international networks such as FIRST.
