EUCC ISAC: Strengthening Cybersecurity in Europe

An innovative framework for trust and interoperability in the certification of ICT products

Cybersecurity certification for Information and Communication Technologies (ICT) products is a fundamental pillar for building a robust and secure digital market in Europe. The constantly evolving regulatory landscape requires agile and reliable mechanisms that enable close collaboration between the public and private sectors.

In this context, the EU Common Criteria Information Sharing and Analysis Centre (EUCC ISAC) emerges as a crucial initiative. Created to succeed the former JIL Working Groups, the EUCC ISAC is an international non-profit association (AISBL) based in Brussels, designed to provide the support and maintenance required for the European Union certification scheme known as EUCC.

Key Objectives of the EUCC ISAC

The EUCC ISAC is not just an analysis centre; it is a strategic platform with multiple missions aimed at strengthening the cybersecurity ecosystem in the EU:

  • Facilitating Collaboration and Information Sharing: It acts as an essential bridge between public stakeholders (ENISA, European Commission, ESEm) and private entities. This includes promoting the exchange of best practices, vulnerability information, attack catalogues, and guidance documents for cybersecurity evaluation and assurance.
  • Improving Certification Standards and Methodologies: The ISAC actively contributes to the maintenance and revision of the EUCC scheme. This ensures that consistency in evaluation and trust in certification remain at high levels, while adapting to technological advances.
  • Promoting International Cooperation: While focused on the EUCC within Europe, the ISAC seeks mutual recognition agreements with certification schemes in third countries, fostering global trust in the EU framework.
  • Strengthening Industry Participation: Its goal is to actively involve manufacturers, vendors, Conformity Assessment Bodies (CABs), and other ecosystem actors in EUCC certification and standardisation processes.
  • Supporting Innovation and Scheme Development: It provides resources for piloting and testing new elements of the EUCC scheme, offering technical support for the development of new cybersecurity standards, Protection Profiles (PPs), and emerging technical domains (such as software and Artificial Intelligence).
  • Enhancing Public–Private Dialogue: It ensures open communication between regulators and industry representatives to address certification challenges (ecosystems, crisis management, etc.), advocating for the continuous improvement of the EUCC based on real-world feedback.

Governance Structure and Technical Groups

The EUCC ISAC operates under an agile and flexible governance structure, which includes a General Assembly, a Board of Directors, a Steering Committee and, above all, a set of Technical Groups.

The Steering Committee is the key interface between the technical groups and the EUCC Maintenance Subgroup (ESEm). Its role is strategic: to oversee activities, ensure consistency between groups, and manage the liaison with public authorities and ENISA.

The Technical Groups are the engine of the ISAC’s technical activity, working in different areas under their own Terms of Reference (ToR):

  • Attack Management Group: Includes groups dedicated to the study, harmonisation and definition of attack paths and attack potential. Under this umbrella sits the Joint Hardware Attack Subgroup (JHAS), which develops methodologies and guidance for evaluating attack paths on security IC hardware (integrated circuits), secure elements and security devices. Its evaluations range from AVA_VAN.2 up to AVA_VAN.5.

  • Evaluation and Certification Methodology Group: Brings together activities related to methodologies and supporting documents for Common Criteria evaluation. It includes:

    • International Security Certification Initiative (ISCI): Focused on supporting the interpretation and development of Common Criteria for hardware and software certifications, with an emphasis on achieving a common understanding of evaluation methodologies and the harmonisation of methods.

    • Embedded AI and Common Criteria Subgroup (ISCI Subgroup): A new work area dedicated to bridging the gap between cybersecurity evaluation of embedded AI and Common Criteria requirements. This group defines scopes for AI risk assessments.

  • PP Management Group: Responsible for coordinating aspects related to Protection Profiles (PPs), their maintenance and harmonisation.

  • Vulnerability Analysis Group: Provides structured mechanisms to manage and harmonise activities related to the identification, analysis and treatment of vulnerabilities in the context of the EUCC scheme.

How to Join the EUCC ISAC

The ISAC is designed to enable broad and relevant participation, following eligibility criteria and procedures defined in its statutes. The application process includes:

  • Submission of documentation justifying eligibility and technical expertise.

  • Review by the corresponding Technical Groups, which assess the suitability of the applicant.

  • Final review by the Steering Committee and the Board of Directors, which may approve or veto admission.

The EUCC ISAC constitutes a unique meeting point for industry, laboratories and public authorities to build a solid, coherent and technically advanced certification scheme.

For more information or to start an admission process, you can contact the ISAC administration through the official channels.
