15 Amendments of Pascal ARIMONT related to 2017/0225(COD)

Amendment 135 #
Proposal for a regulation
Article 2 – paragraph 1 – point 9
(9) ‘European cybersecurity certification scheme’ means the comprehensive set of rules, technical requirements, standards and procedures defined at Union level applying to the certification of Information and Communication Technology (ICT) hardware and software products and services falling under the scope of that specific scheme;
2018/03/02
Committee: IMCO
Amendment 243 #
Proposal for a regulation
Article 44 – paragraph 2 a (new)
2a. ENISA shall coordinate the compilation of a checklist of risks associated with the hardware or software of the ICT product or service. The risks shall be matched with corresponding cybersecurity features to be included in the candidate European cybersecurity certification scheme.
2018/03/02
Committee: IMCO
Amendment 247 #
Proposal for a regulation
Article 44 – paragraph 2 b (new)
2b. The checklist prepared shall draw from Member States’ experience in designing and implementing cybersecurity certificates within their jurisdictions. A list of expected risks will be drawn up, analysed and depending on an assessment of the risk environment that the ICT software or hardware product or ICT service will eventually operate in as well as the expected end user.
2018/03/02
Committee: IMCO
Amendment 272 #
Proposal for a regulation
Article 45 – paragraph 1 – point g
(g) ensure that ICT hardware and software products and services are provided with up to date software that does not contain known vulnerabilities, and are provided with mechanisms for secure software updates.
2018/03/02
Committee: IMCO
Amendment 320 #
Proposal for a regulation
Article 47 – paragraph 1 – point a
(a) subject-matter and scope of the certification, including the type or categories of ICT hardware and software products and services covered;
2018/03/02
Committee: IMCO
Amendment 322 #
Proposal for a regulation
Article 47 – paragraph 1 – point b
(b) detailed specification of the cybersecurity requirements against which the specific ICT hardware and software products and services are evaluated, for example by reference to Union or international standards or technical specifications;
2018/03/02
Committee: IMCO
Amendment 333 #
Proposal for a regulation
Article 47 – paragraph 1 – point f
(f) where the scheme provides for marks or labels, such as an EU Cybersecurity Conformity Label signifying that the ICT product or service conforms to the criteria of a European cybersecurity certificate scheme, the conditions under which such marks or labels may be used;
2018/03/02
Committee: IMCO
Amendment 343 #
Proposal for a regulation
Article 47 – paragraph 1 – point j
(j) the requirement that an ICT hardware or software product trader or service provider has procedures and rules in place concerning how previously undetected cybersecurity vulnerabilities in ICT hardware and software products and services are to be reported and dealt with;
2018/03/02
Committee: IMCO
Amendment 368 #
Proposal for a regulation
Article 48 – paragraph 1
1. ICT hardware and software products and services that have been certified under a European cybersecurity certification scheme adopted pursuant to Article 44 shall be presumed to be compliant with the requirements of such scheme.
2018/03/02
Committee: IMCO
Amendment 411 #
Proposal for a regulation
Article 50 – paragraph 6 – point b
(b) monitor, supervise and assess the activities of conformity assessment bodies for the purpose of this Regulation, including in relation to the notification of conformity assessment bodies and the related tasks set out in Article 52 of this Regulation;
2018/03/02
Committee: IMCO
Amendment 420 #
Proposal for a regulation
Article 50 – paragraph 7 – point e
(e) to withdraw, in accordance with national law, certificates that are not compliant with this Regulation or a European cybersecurity certification scheme and inform national accreditation bodies accordingly;
2018/03/02
Committee: IMCO
Amendment 430 #
Proposal for a regulation
Article 51 a (new)
Article 51 a
Peer-Review Assessment
1. National accreditation bodies shall subject themselves to peer evaluation coordinated by ENISA.
2. Member States shall ensure that their national accreditation bodies periodically undergo peer evaluation.
3. Peer evaluation shall be conducted based on a set of transparent evaluation criteria and procedures that include structural resources, human resources, certification conformity procedures, confidentiality and complaints. National accreditation bodies shall have recourse to appeal procedures against decisions taken as a result of this peer evaluation.
4. Peer evaluation shall ascertain whether the national accreditation bodies meet the requirements enshrined in Regulation 765/2008/EC.
5. ENISA shall publish and communicate the outcome of the peer evaluation exercises to all Member States and to the Commission.
6. Together with Member States, the Commission shall oversee the rules and the proper functioning of the peer evaluation system.
2018/03/02
Committee: IMCO
Amendment 432 #
Proposal for a regulation
Article 53 – paragraph 3 – point a a (new)
(aa) to provide ENISA with strategic guidance and to establish a work programme including the common actions to be undertaken at EU level to ensure the consistent application of this Title across all Member States;
2018/03/02
Committee: IMCO
Amendment 433 #
Proposal for a regulation
Article 53 – paragraph 3 – point a b (new)
(ab) to establish and periodically update a priority list of ICT products and services that urgently require an EU cybersecurity certification scheme;
2018/03/02
Committee: IMCO
Amendment 434 #
Proposal for a regulation
Article 53 – paragraph 3 – point b a (new)
(ba) to adopt binding rules determining the intervals at which national certification supervisory authorities are to carry out verifications of certificates and the criteria, scale and scope of these verifications and to adopt common rules and standards for reporting, in accordance with Article 50(6).
2018/03/02
Committee: IMCO