17 Amendments of Evžen TOŠENOVSKÝ related to 2017/0225(COD)
Amendment 135 #
Proposal for a regulation
Recital 30
Recital 30
(30) To ensure that it fully achieves its objectives, the Agency should liaise with relevant institutions, agencies and bodies, including CERT-EU, European Cybercrime Centre (EC3) at Europol, European Defence Agency (EDA), European GNSS Agency (GSA), European Agency for the operational management of large-scale IT systems (eu- LISA), European Aviation Safety Agency (EASA) and any other EU Agency that is involved in cybersecurity. It should also liaise with authorities dealing with data protection in order to exchange know-how and best practices and provide advice on cybersecurity aspects that might have an impact on their work. Representatives of national and Union law enforcement and data protection authorities should be eligible to be represented in the Agency’s Permanent Stakeholders Group. In liaising with law enforcement bodies regarding network and information security aspects that might have an impact on their work, the Agency should respect existing channels of information and established networks.
Amendment 137 #
Proposal for a regulation
Recital 32
Recital 32
(32) With a view to increasing Union preparedness infor responding to cybersecurity incidents, the Agency should organise yearly cybersecurity exercises at Union level, and, at their request,. The frequency of the excercises should reflect similar activities performed on national and international level, and in particular take into account cybersecurity exercises carried out by NATO. At their request, theAgency should support Member States and EU institutions, agencies and bodies in organising exercises.
Amendment 176 #
Proposal for a regulation
Recital 56
Recital 56
(56) The process of preparation and adoption of the certification schemes should be inclusive and transparent. The Commission should be empowered to request ENISA to prepare candidate schemes for specific ICT products or services. The Commission, based on the candidate scheme proposed by ENISA, should then be empowered to adopt the European cybersecurity certification scheme by means of implementing acts. Taking account of the general purpose and security objectives identified in this Regulation, European cybersecurity certification schemes adopted by the Commission should specify a minimum set of elements concerning the subject-matter, the scope and functioning of the individual scheme. These should include among others the scope and object of the cybersecurity certification, including the categories of ICT products and services covered, the detailed specification of the cybersecurity requirements, for example by reference to standards or technical specifications, the specific evaluation criteria and evaluation methods, as well as the intended level of assurance: basic, substantial and/or high.
Amendment 289 #
Proposal for a regulation
Article 6 – paragraph 1 – point g
Article 6 – paragraph 1 – point g
(g) the Member States by organising yearbiannually large-scale cybersecurity exercises at the Union level referred to in Article 7(6) and by making policy recommendations and exchanging best practices based on the evaluation process of the exercises and lessons learned from them;
Amendment 303 #
Proposal for a regulation
Article 7 – paragraph 6
Article 7 – paragraph 6
6. The Agency shall organise biannual cybersecurity exercises at Union level, and support Member States and EU institutions, agencies and bodies in organising exercises following their request(s). Annual exercises at Union level shall include technical, operational and strategic elements and help to prepare the cooperative response at the Union level to large-scale cross-border cybersecurity incidents. The Agency shall also contribute to and help organise, where appropriate, sectoral cybersecurity exercises together with relevant ISACs and permit ISACs to participate also to Union level cybersecurity exercises.
Amendment 315 #
Proposal for a regulation
Article 7 – paragraph 8 a (new)
Article 7 – paragraph 8 a (new)
8 a. The Agency shall support and foster the cooperation between the Member States in conducting IT security audits of critical cross-border infrastructures.
Amendment 359 #
Proposal for a regulation
Article 9 – paragraph 1 – point g a (new)
Article 9 – paragraph 1 – point g a (new)
(g a) facilitate creation and maintenance of a network of national education points of contact.
Amendment 406 #
Proposal for a regulation
Article 43 – paragraph 1
Article 43 – paragraph 1
A European cybersecurity certification scheme shall attest that the ICT products and services that have been certified in accordance with such scheme comply with specified requirements set out by European or international standards as regards their ability to resist at a given level of assurance, actions that aim to compromise the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or the functions or services offered by, or accessible via, those products, processes, services and systems.
Amendment 411 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Following a request from the Commission or the European Cybersecurity Certification Group, ENISA shall prepare a candidate European cybersecurity certification scheme which meets the requirements set out in Articles 45, 46 and 47 of this Regulation. Member States or the European Cybersecurity Certification Group (the 'Group') established under Article 53 may propose the preparation of a candidate European cybersecurity certification scheme to the Commission. The Commission and European Cybersecurity Certification Groups hall consider proposals for a European cybersecurity certification scheme proposed by the Stakeholders Consultation Platforms
Amendment 424 #
Proposal for a regulation
Article 44 – paragraph 2
Article 44 – paragraph 2
2. When preparing candidate schemes referred to in paragraph 1 of this Article, ENISA shall consult all relevant stakeholders and closely cooperate with the Group and the Stakeholders Consultation Platforms. The Group shall provide ENISA with the assistance and expert advice required by ENISA in relation to the preparation of the candidate scheme, including by providing opinions where necessary.
Amendment 472 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. A European cybersecurity certification scheme may specify one or more of the following assurance levels: basic, substantialintermediate and/or high, for ICT products and services issued under that scheme.
Amendment 480 #
Proposal for a regulation
Article 46 – paragraph 2 – introductory part
Article 46 – paragraph 2 – introductory part
2. The assurance levels basic, substantialintermediate and high shall meet the following criteria respectively:
Amendment 483 #
Proposal for a regulation
Article 46 – paragraph 2 – point a
Article 46 – paragraph 2 – point a
(a) assurance level basic shall refer to a certificate issued in the context of a European cybersecurity certification scheme, which provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease the risk of cybersecurity incidents;
Amendment 493 #
Proposal for a regulation
Article 46 – paragraph 2 – point b
Article 46 – paragraph 2 – point b
(b) assurance level substantialintermediate shall refer to a certificate issued in the context of a European cybersecurity certification scheme, which provides a substantial degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease substantially the risk of cybersecurity incidentsn intermediate degree of confidence ;
Amendment 502 #
Proposal for a regulation
Article 46 – paragraph 2 – point c
Article 46 – paragraph 2 – point c
(c) assurance level high shall refer to a certificate issued in the context of a European cybersecurity certification scheme, which provides a higher degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service than certificates with the assurance level substantial, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to prevent cybersecurity incidents.
Amendment 510 #
Proposal for a regulation
Article 46 – paragraph 2 a (new)
Article 46 – paragraph 2 a (new)
2a. Where necessary, the Commission may adopt implementing acts, in accordance with Article 55(2), taking into account the opinion by ENISA, European Cybersecurity Certification Group, and Stakeholder Consultation Platforms, providing for detailed framework requirements for each assurance level.
Amendment 553 #
Proposal for a regulation
Article 48 – paragraph 2
Article 48 – paragraph 2
2. The certification shall be voluntary, unless otherwise specified in Union law.strictly voluntary and shall be without prejudice to the voluntary self-assessment/self- declaration of conformity