TrustBoost

  • About the project
  • Project Activities
  • Coordinator Details
  • Partners
  • Supporting Organisations
  • Big Media
  • Blog
  • Contact Us
  • …  
    • About the project
    • Project Activities
    • Coordinator Details
    • Partners
    • Supporting Organisations
    • Big Media
    • Blog
    • Contact Us

TrustBoost

  • About the project
  • Project Activities
  • Coordinator Details
  • Partners
  • Supporting Organisations
  • Big Media
  • Blog
  • Contact Us
  • …  
    • About the project
    • Project Activities
    • Coordinator Details
    • Partners
    • Supporting Organisations
    • Big Media
    • Blog
    • Contact Us

Building the Baseline for Cybersecurity Certification Readiness in Europe

How a unified approach to governance, infrastructure and practical procedures is helping Europe move towards a more harmonised cybersecurity certification ecosystem

· Capabilities Readiness Reference

TrustBoost is working to strengthen cybersecuritycertification capabilities across Europe by promoting a unified approach to governance, infrastructure and operational processes. The project has established a practical baseline to help stakeholders work from common principles, shared processes and consistent evidence requirements.

Why this work matters

Cybersecurity certification depends on more than technicalexpertise. It requires clear responsibilities, secure environments, competent personnel, reliable evidence handling, documented procedures and structured cooperation. A unified approach brings these elements together so Member States and certification actors can move in the same direction while adapting to their own national and organisational contexts.

Three building blocks for certification readiness

Section image

The baseline is built around three connected areas:governance, physical and logical infrastructure, and reference implementation documentation. Together, they provide a common foundation for roles and responsibilities, secure operating environments, and practical policies, procedures, templates and workflows.

These outputs support a more consistent and auditable certification journey. They also help future CyberBoost platform workflows and pilot activities by giving stakeholders a shared understanding of the processes, controls and evidence needed for EUCC and CRA-aligned assessment scenarios.

Key findings from the baseline assessment

The assessment confirmed that many organisations already apply valuable cybersecurity, confidentiality, access control and recordkeeping practices. However, these practices are not always formalised in a consistent way. A unified baseline helps turn individual good practices into repeatable, auditable and comparable certification workflows.

Section image

Readiness also varies across stakeholder groups.Certification Bodies generally showed stronger structural maturity, while IT Security Evaluation Facilities were identified as a priority area for further
development. National Cybersecurity Certification Authorities showed different levels of maturity, reflecting national legal, organisational and implementation contexts.

From documentation to implementation

A major contribution is the development of referencedocumentation that can be adapted by Certification Bodies and IT Security Evaluation Facilities. The materials cover application handling, assessment planning, evaluation oversight, certification decision-making, vulnerability handling, surveillance, complaints, appeals and interaction with competent authorities.

The documentation is designed as a flexible baseline ratherthan a one-size-fits-all solution. This means organisations can tailor it to their legal mandate, accreditation status, scheme scope and operational context while still working from a common approach.

What comes next

The next challenge is implementation. Future work will focuson validating the baseline through pilot activities, strengthening competence frameworks, improving digital case management, formalising secure information exchange and maintaining alignment with the evolving EU regulatory landscape.

A step towards a more resilient certification ecosystem

By combining governance, infrastructure and operational documentation into one integrated baseline, TrustBoost moves closer to its objective of unifying and upgrading cybersecurity certification capabilities across Europe. The result is a shared framework for building consistency, transparency, auditability and trust in the European cybersecurity certification ecosystem.

Download and explore the documentation below to gain a comprehensive understanding of the requirements, guidance, and resources available. We welcome your feedback and encourage you to share any comments, suggestions, or questions with us at deploycyber@nsai.ie. Your insights are invaluable in helping us improve and refine the documentation for the wider community.

CB Processes
ITSEF Processes

Subscribe
Previous
TrustBoost Strategy Exchange Workshop (online)
Next
Strengthening Cybersecurity Certification Through...
 Return to site
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
These cookies help us better understand how visitors interact with our website and help us discover errors.
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save