4 Amendments of Lambert van NISTELROOIJ related to 2017/0225(COD)
Amendment 100 #
Proposal for a regulation
Recital 55
Recital 55
(55) The purpose of European cybersecurity certification schemes should be to ensure that ICT products and services certified under such a scheme comply with specified requirements. Such requirements concern the ability to resist, at a given level of assurance, actions that aim to compromise the availability, authenticity, integrity and confidentiality of stored or transmitted or processed data or the related functions of or services offered by, or accessible via those products, processes, services and systems within the meaning of this Regulation. It is not possible to set out in detail in this Regulation the cybersecurity requirements relating to all ICT products and services. ICT products and services and related cybersecurity needs are so diverse that it is very difficult to come up with general cybersecurity requirements valid across the board. It is, therefore necessary to adopt a broad and general notion of cybersecurity for the purpose of certification, complemented by a set of specific cybersecurity objectives that need to be taken into account when designing European cybersecurity certification schemes. The modalities with which such objectives will be achieved in specific ICT products and services should then be further specified in detail at the level of the individual certification scheme adopted by the Commission, for example by reference to standards or technical specifications. Depending on the certification scheme, the specified requirements of the scheme could, in principle, make use of existing best practices where applicable.
Amendment 118 #
Proposal for a regulation
Recital 57
Recital 57
(57) RThe baseline ICT secourseity should be regulated in a to European cybersecurity certification should remain voluntaframework that should be mandatory, unless otherwise provided in Union or national legislation. However, with a view to achieving the objectives of this Regulation and avoiding the fragmentation of the internal market, national cybersecurity certification schemes or procedures for the ICT products and services covered by a European cybersecurity certification scheme should cease to produce effects from the date established by the Commission by means of the implementing act. Moreover, Member States should not introduce new national certification schemes providing cybersecurity certification schemes for ICT products and services already covered by an existing European cybersecurity certification scheme.
Amendment 362 #
1a. a mechanism and tools to efficiently manage minor version releases(s) or security updates (for example in relation to patching);
Amendment 374 #
Proposal for a regulation
Article 48 – paragraph 2
Article 48 – paragraph 2
2. The certification shall be voluntamandatory, unless otherwise specified in Union law.