Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes

In order to foster the application of security standards, agile certification and continuous assessment of cyber resilience systems, actions will cover the harmonising, packaging and distributing of certification processes for contemporary ICT products, services, and processes but to new and disruptive technologies as well, such as AI and High Performance Computing.

To support cybersecurity autonomy of the EU, approaches concerning a dynamic, real time, collaborative vulnerability testing and information sharing should be developed and build on existing resources (including the work carried out in preparation of the EU cybersecurity certification framework, as established by the EU Cybersecurity Act). The resources may range from tools, procedures, practices, and information sources, such as checklists, flaw repositories deployment and configuration guidance, and impact assessments posted by European industries, manufacturers, developers, CSIRTs, ISACs (Information Sharing and Analysis Centres), or national and international authorities (e.g. NIST, JVN) and relevant standards.

The actions should aim at improving certification processes, tools, evidence presentation and assurance statements, at least in quantifiable terms, where relevant by relying on a suitable IT security metric and should complement or aid other certifications relevant in other sectors or risk scenarios.

In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.