12 Amendments of Catherine STIHLER related to 2017/0225(COD)
Amendment 101
Proposal for a regulation
Recital 55 a (new)
(55a) In light of innovation trends, and the growing accessibility and constantly increasing number of IoT devices in all sectors of society, particular attention must be paid to the security of all and even the simplest of IoT products. Therefore, as certification is a key method for increasing trust in the market and increasing security and resilience, emphasis should be given to IoT products and services in the new EU cybersecurity certification framework, in order to make them less vulnerable and safer for consumers and businesses.
Amendment 109
Proposal for a regulation
Recital 56 a (new)
(56a) Among the evaluation methods and assessment procedures related to each European cybersecurity certification scheme, ethical hacking, the aim of which is to locate weaknesses and vulnerabilities of devices and information systems by anticipating the intended actions and skills of malicious hackers, should be promoted at Union level.
Amendment 156
Proposal for a regulation
Article 4 – paragraph 7
7. The Agency shall promote a high level of awareness of citizens, authorities and businesses on issues related to the cybersecurity.
Amendment 177
Proposal for a regulation
Article 7 – paragraph 8 – point a
(a) aggregating reports from national and international sources with a view to contribute to establishing common situational awareness;
Amendment 181
Proposal for a regulation
Article 8 – paragraph 1 – point a – point 1 a (new)
Amendment 208
Proposal for a regulation
Article 19 – paragraph 2
2. The Executive Director shall report annually to the European Parliament on the performance of his or her duties or when invited to do so. The Council may invite the Executive Director to report on the performance of his or her duties.
Amendment 233
Proposal for a regulation
Article 44 – paragraph 2
2. When preparing candidate schemes referred to in paragraph 1 of this Article, ENISA shall consult all relevant stakeholders and closely cooperate with the Group. The Group shall provide ENISA with the assistance and expert advice required by ENISA in relation to the preparation of the candidate scheme, including by providing opinions where necessary. ENISA shall ensure the participation of Member States’ representatives and all important parties concerned with the ICT product group or service in question. This includes parties along the value chains, such as trade unions, traders, retailers, importers, conformity assessment bodies, end-users and others. Business stakeholders including, but not limited to: manufacturers, cybersecurity solution providers, system integrators, security practitioners and asset owners, shall also be involved.
Amendment 245
Proposal for a regulation
Article 44 – paragraph 2 a (new)
2a. ENISA shall seek to align any candidate cybersecurity certification scheme, prepared pursuant to paragraph 1 of this Article, with relevant internationally recognised standards to the greatest extent possible.
Amendment 275
Proposal for a regulation
Article 45 – paragraph 1 – point g a (new)
(ga) ensure that ICT products and services are developed according to the principle of ‘security by design’, following a risk-based approach depending on the context and severity of the situation as defined in Article 46.
Amendment 286
Proposal for a regulation
Article 46 – paragraph 1 a (new)
1a. Each scheme shall indicate the assessment methodology or evaluation process that is to be followed for issuing certificates at each assurance level, depending on the intended use and the risk inherent to the ICT products and services under that scheme.
Amendment 394
Proposal for a regulation
Article 49 – paragraph 1
1. Without prejudice to paragraph 3, national cybersecurity certification schemes and the related procedures for the ICT products and services covered by a European cybersecurity certification scheme shall cease to produce effects from the date established in the implementing act adopted pursuant Article 44(4). The Commission shall monitor compliance with this subparagraph, in order to avoid the existence of concurrent schemes. Existing national cybersecurity certification schemes and the related procedures for the ICT products and services not covered by a European cybersecurity certification scheme shall continue to exist.
Amendment 437
Proposal for a regulation
Article 53 – paragraph 3 – point f a (new)
(fa) to facilitate the alignment of European cybersecurity certification schemes with internationally recognised standards, including by: i) on an ongoing basis, reviewing existing European cybersecurity certification schemes to identify areas in which such schemes should be updated or modified to align with internationally recognised standards; ii) when appropriate, making recommendations to ENISA on areas where it should undertake engagement with relevant international standardisation organisations to address insufficiencies or gaps in available internationally recognised standards;