The National Cybersecurity Agency – ACN – is moving towards product cyber security certifications through an internal update at both an organizational and procedural level. The legislative decree under discussion serves to identify national adjustments to the European cyber security certification framework.
The new Italian cyber security posture
The meeting of OCSI (IT Security Certification Body) and CVCN (National Evaluation and Certification Center) under the aegis of the ACN is an important milestone for the Italian cyber security posture. This change will help product certification become the standard for stabilizing and consolidating the cyber security discipline, exactly as happened in the past in the market for the general safety and the chemical and biological safety of products of any kind. Its mandatory nature will bring new habits and will spread through the supply chain and the supplies market, giving rise to new standards and to a new, widespread and shared professionalism that is no longer the prerogative of a select few.
The importance of cyber security product certifications
Cyber security product certifications have existed in Italy for over twenty years, since 1995, but they could only be used in the context of national security. In 2003, a second National Scheme was established to provide certification services to all sectors outside this context, but only after another twenty years were the decree and the Italian scheme for commercial products born.
The ongoing decree provides that the Agency, in case of violation of the obligations of the European cybersecurity certification framework and article 65 of the Cyber Security Regulation, will impose financial and additional sanctions. If the decree remains as proposed, the resulting revenues will increase the allocation of the chapters of the Agency’s budget intended for research and training activities on the cybersecurity certification of ICT products. Furthermore, if the Agency's surveillance activities establish that an EU declaration of conformity is non-compliant, the issuing manufacturer or supplier will be obliged to review or revoke that declaration within thirty days, informing the Agency and ENISA.
The Cybersecurity Act of the European Union pursues the objective of putting in place a mechanism aimed at establishing European cybersecurity certification systems and at certifying that the ICT products, services and processes assessed within them comply with certain security requirements, in order to protect the availability, authenticity, integrity or confidentiality of the data stored, transmitted or processed or the functions or services offered by such products, services and processes or accessible through them throughout their life cycle. In practice, the idea behind creating an ICT product certification scheme is to check a set of basic security requirements, once, and for all customers.
In addition to following the European regulation, it is good practice for professionals, institutions, companies, traders and all those who hold sensitive data of their employees and customers to also protect themselves through specifically designed insurance. The Lokky Cyber Risk Policy offers the insured coverage of expenses and losses resulting from cyber attacks, and provides the intervention of an expert for the recovery of lost data and for decontamination from any malware. All of these services are included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers a Top version of the policy, which raises the limit up to €250 thousand and includes numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company image.
Unforeseen events lurk around the corner, and the presence of an advanced insurance broker, able to assist and advise the company also in managing the claim, can make the difference between the positive or negative performance of a business that has suffered a cyber attack.
