Ce topic appartient à l'appel Increased cybersecurity 2022
HORIZON-CL3-2022-CS-01-04

Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes

Type d'action : HORIZON Innovation Actions
Nombre d'étapes : Single stage
Date d'ouverture : 30 juin 2022
Date de clôture : 16 novembre 2022 17:00
Détail du topic
Budget : €18 000 000
Call : Increased cybersecurity 2022
Call Identifier : HORIZON-CL3-2022-CS-01
Description :

ExpectedOutcome:

Projects are expected to contribute to at least three of the following outcomes:

  • Availability of applicable tools and procedures for partial and continuous assessment and lean re-certification of ICT products, ICT services and ICT processes;
  • Reduction of time and efforts spent for (re-) certifying ICT products, ICT services and ICT processes;
  • Improved stakeholder collaboration on cybersecurity certification information, including manufacturers and end users from different Member States;
  • Efficient (re-)use of information and evidence relevant to certification and in support of multi-scheme (re-)use;
  • Integration of certification on the whole system modelling, verification, testing and verification process
  • Increased comparability of assurance statements arising from certification schemes and the standards used therein; avoidance of multi-certification;
  • Advancing test and simulation facilities, including incident and threat analysis;
  • Increased Digital Twin capabilities for continuous assessment and integration of new solutions.

The proposal should provide appropriate indicators to measure its progress and specific impact.

Scope:

In order to foster the application of security standards, agile certification and continuous assessment of cyber resilience systems, actions will cover the harmonising, packaging and distributing of certification processes for contemporary ICT products, services, and processes but to new and disruptive technologies as well, such as AI and High Performance Computing.

To support cybersecurity autonomy of the EU, approaches concerning a dynamic, real time, collaborative vulnerability testing and information sharing should be developed and build on existing resources (including the work carried out in preparation of the EU cybersecurity certification framework, as established by the EU Cybersecurity Act). The resources may range from tools, procedures, practices, and information sources, such as checklists, flaw repositories deployment and configuration guidance, and impact assessments posted by European industries, manufacturers, developers, CSIRTs, ISACs (Information Sharing and Analysis Centres), or national and international authorities (e.g. NIST, JVN) and relevant standards.

The actions should aim at improving certification processes, tools, evidence presentation and assurance statements, at least in quantifiable terms, where relevant by relying on a suitable IT security metric and should complement or aid other certifications relevant in other sectors or risk scenarios.

In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.

Specific Topic Conditions:

Activities are expected to achieve TRL 7 by the end of the project – see General Annex B.

Cross-cutting Priorities:

Digital AgendaArtificial Intelligence
Trouver des partenaires potentiels