IT Security




Security Guidance

Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing seeks to establish a stable, secure baseline for cloud operations. This effort provides a practical, actionable roadmap to managers wanting to adopt the cloud paradigm safely and securely. Domains are reviewed to emphasize security, stability, and privacy in a multi-tenant environment. The CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing builds on previous iterations through dedicated research, public participation from CSA members, working groups, and industry experts. This version incorporates advances in cloud, security, and supporting technologies, reflects on real-world cloud security practices, integrates the latest CSA research projects, and offers guidance for related technologies. The goal of the fourth version of Security Guidance for Critical Areas of Focus in Cloud Computing is to provide guidance and inspiration to support business goals while managing and mitigating the risks associated with cloud computing adoption.

Top Threats

The shift from traditional client/server to service-based models is transforming the way technology departments think about, design, and deliver computing technology and applications. However, the improved value offered by cloud computing advances has also created new security vulnerabilities, including security issues whose full impacts are still emerging. The CSA Top Threats Working Group aims to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies.

Interoperability of Flight Data Processing (Air Traffic Control - Air Traffic Control) for application under the Single European Sky - Interoperability Regulation EC 552/2004

This Technical Specification is for the production of conformity evidence for FDP-FDP ground-based system interoperability which has to be declared by the Air Navigation Service Provider (ANSP) before putting FDP-systems into service. This Technical Specification defines the Technical, Operational and Maintenance requirements for Flight Data Processing (ATC-ATC) system interoperability.
Flight Data Processing (FDP) interoperability between ATC units is a key element to facilitate and harmonise Flight Data systems data exchanges and critical to the functioning of a harmonised European Air Traffic Management system. FDP Interoperability can be achieved by the use of different techniques appropriate to the operational need, e.g. message exchange, replication mechanisms and data sharing.
The architectural framework in which the different actors have to inter-operate is of major importance to define the context in which the European Standards have to be developed.

CEN/TS 16071:2010

Air Traffic Management - Specification for software assurance levels

This Technical Specification specifies the technical, operational and maintenance requirements for Software Assurance Levels to support the demonstration of compliance with some elements of the Essential Requirements Safety and Principles governing the construction of systems of the Regulation (EC 552/2004) of the European Parliament and of the Council on the interoperability of the European Air Traffic network (the Interoperability regulation).
This Technical Specification on Software Assurance Levels (SWAL) is intended to apply to software that is part of the EATMN, focusing only on its ground segment and providing a reference against which stakeholders can assess their own practices for software specification, design, development, operation, maintenance, evolution and decommissioning. Requirements in the present document which refer to "should" statements or recommendations in the normatively referenced material are to be interpreted as fully normative ("shall") for the purpose of compliance with the present document.

CEN/TS 16501:2013

Vehicle to grid communication interface - Part 8: Physical layer and data link layer requirements for wireless communication

ISO 15118-8:2018 specifies the requirements of the physical and data link layer of a wireless High Level Communication (HLC) between Electric Vehicles (EV) and the Electric Vehicle Supply Equipment (EVSE). The wireless communication technology is used as an alternative to the wired communication technology as defined in ISO 15118‑3.
It covers the overall information exchange between all actors involved in the electrical energy exchange. ISO 15118 (all parts) is applicable for conductive charging as well as Wireless Power Transfer (WPT). For conductive charging, only EVSEs compliant with "IEC 61851‑1 modes 3 and 4" and supporting HLC are covered by this document. For WPT, charging sites according to IEC 61980 (all parts) and vehicles according to ISO/PAS 19363 are covered by this document.

EN ISO 15118-8:2019

Vehicle to grid communication interface - Part 4: Network and application protocol conformance test

ISO 15118-4:2018 specifies conformance tests in the form of an Abstract Test Suite (ATS) for a System Under Test (SUT) implementing an EVCC or SECC according to ISO 15118-2.
These conformance tests specify the testing of capabilities and behaviors of an SUT as well as checking what is observed against the conformance requirements specified in ISO 15118-2 and against what the supplier states the SUT implementation's capabilities are. The capability tests within the ATS check that the observable capabilities of the SUT are in accordance with the static conformance requirements defined in ISO 15118-2. The behavior tests of the ATS examine an implementation as thoroughly as is practical over the full range of dynamic conformance requirements defined in ISO 15118-2 and within the capabilities of the SUT (see NOTE). A test architecture is described in correspondence to the ATS. The conformance test cases in this document are described leveraging this test architecture and are specified in TTCN-3 Core Language for ISO/OSI Network Layer (Layer 3) and above. The conformance test cases for the Data Link Layer (Layer 2) and Physical Layer (Layer 1) are described in ISO 15118-5. Test cases with overlapping scopes are explicitly detailed.

EN ISO 15118-4:2019

Vehicle to grid Communication interface - Part 3: Physical and data link layer requirements

ISO 15118-3:2015 specifies the requirements of the physical and data link layer for a high-level communication, directly between battery electric vehicles (BEV) or plug-in hybrid electric vehicles (PHEV), termed as EV (electric vehicle) [ISO-1], based on a wired communication technology and the fixed electrical charging installation [Electric Vehicle Supply Equipment (EVSE)] used in addition to the basic signalling, as defined in [IEC-1].
It covers the overall information exchange between all actors involved in the electrical energy exchange. ISO 15118 (all parts) is applicable for manually connected conductive charging. Only "[IEC-1] modes 3 and 4" EVSEs, with a high-level communication module, are covered by this part of ISO 15118.

EN ISO 15118-3:2016

Vehicle-to-grid communication Interface - Part 2: Network and application protocol requirements

ISO 15118-2:2014 specifies the communication between battery electric vehicles (BEV) or plug-in hybrid electric vehicles (PHEV) and the Electric Vehicle Supply Equipment. The application layer message set defined in ISO 15118-2:2014 is designed to support the energy transfer from an EVSE to an EV. ISO 15118-1 contains additional use case elements describing the bidirectional energy transfer. The implementation of these use cases requires enhancements of the application layer message set defined herein. The purpose of ISO 15118-2:2014 is to detail the communication between an EV (BEV or a PHEV) and an EVSE. Aspects are specified to detect a vehicle in a communication network and enable an Internet Protocol (IP) based communication between EVCC and SECC. ISO 15118-2:2014 defines messages, data model, XML/EXI based data representation format, usage of V2GTP, TLS, TCP and IPv6. In addition, it describes how data link layer services can be accessed from a layer 3 perspective. The Data Link Layer and Physical Layer functionality is described in ISO 15118-3.

EN ISO 15118-3:2016

Vehicle to grid communication interface - Part 1: General information and use-case definition

This document, as a basis for the other parts of the ISO 15118 series, specifies terms and definitions, general requirements and use cases for conductive and wireless HLC between the EVCC and the SECC. This document is applicable to HLC involved in conductive and wireless power transfer technologies in the context of manual or automatic connection devices. This document is also applicable to energy transfer either from EV supply equipment to charge the EV battery or from EV battery to EV supply equipment in order to supply energy to home, to loads or to the grid. This document provides a general overview and a common understanding of aspects influencing identification, association, charge or discharge control and optimisation, payment, load levelling, cybersecurity and privacy. It offers an interoperable EV-EV supply equipment interface to all e-mobility actors beyond SECC. The ISO 15118 series does not specify the vehicle internal communication between battery and other internal equipment (beside some dedicated message elements related to the energy transfer).

EN ISO 15118-1:2019

Rationalized structure for electronic signature standardization - Best practices for SMEs

This Technical Report aims to be the entry point in relation to electronic signatures for any SME that is considering dematerializing paper-based workflow(s) and seeks a sound legal and technical basis in order to integrate electronic signatures or electronic seals in this process. It is not intended to be a guide for SMEs active in the development of electronic signature products and services - they should rather rely on the series ETSI EN 319 for building their offer - but it is a guide for SMEs CONSUMING e-Signature products and services. This document builds on CEN/TR 419040, "Guidelines for citizens", explaining the concept and use of electronic signatures, to further help SMEs to understand the relevance of using e-Signatures within their business processes. It guides SMEs in discovering the level of electronic signatures which is appropriate for their needs, extends the work to specific use-case scenarios, paying special attention to technologies and solutions, and addresses other typical concrete questions that SMEs need to answer before making any decisions (such as the question of recognition of their e-Signature by third parties, within their sector, country or even internationally).

CEN/TR 419030:2018

Framework for standardization of signatures - Extended structure including electronic identification and authentication

The regulation on electronic identification and trusted eServices (eIDAS regulation) clearly extends the current Electronic Signature Directive from electronic signature towards electronic identification and electronic authentication. These two topics are closely linked to electronic signature and are considered in this context in this document. There are many documents, standards, industrial initiatives and European projects on identification and authentication, but the scope here is limited to the electronic signature context and, more widely, to electronic transactions in the internal market. The present Technical Report is twofold. First, it briefly analyses the implementing acts on electronic identities CIR 2015/1501 [29] and CIR 2015/1502 [30] and how this is addressed by the eID interoperability framework [31]. Second, it establishes what areas of existing standards are impacted by the eID framework and what further areas of standardization could assist nations in providing eID services.

CEN/TR 419010:2017

Technical Committee (TC) Human Factors (HF)

We deal with issues relating to the ease of use and accessibility for all users. Our work is aimed at empowering industry to deliver successful new ICT products and services.

Our aim is to help industry to anticipate future problems as the marketplace becomes ever more diverse and fast-moving. One major goal is to identify emerging user interaction technologies, to look for factors that could cause problems for certain users in some situations, and to identify solutions. These considerations should greatly reduce the instances of the costly and reputation-damaging cycle of partial launch failure followed by expensive post-hoc fixes.

We are active in ensuring that European accessibility requirements related to public procurement of ICT products and services are approached in a way that is effective and embraced by industry. The European Standard EN 301 549, jointly published with CEN and CENELEC, was a major step in this direction. It is intended for use by public authorities and other public-sector bodies during procurement, to ensure that websites, software and digital devices are more accessible – to be used by persons with a wide range of abilities.