ENISA Cybersecurity Guidelines
European Union Agency for Cybersecurity - Best Practice Guidelines
Overview
Collection of practical guidelines and best practices published by ENISA covering IoT security, vulnerability disclosure, supply chain security, and incident handling aligned with EU regulatory requirements.
Applicability
EU-specific cybersecurity best practices across multiple domains
Relevance to Cyber Resilience Act (CRA)
EU-specific guidance highly relevant to CRA implementation and interpretation
Key Coverage Areas
Standard Sections & Chapters
Baseline Security Recommendations for IoT
Good Practice Guide on Vulnerability Disclosure
Understanding the Increase in Supply Chain Security Attacks
Good Practice Guide for Incident Management
Handbook on Security Measures for 5G
Related Cyber Resilience Act (CRA) Articles
Article I: ESSENTIAL CYBERSECURITY REQUIREMENTS
IoT security baseline requirements
Implementation Guidance:
Apply ENISA IoT security baseline as practical implementation guide
Article 13: Obligations of manufacturers
IoT baseline security recommendations
Implementation Guidance:
Follow ENISA baseline for IoT products and connected devices
Article 16: Establishment of a single reporting platform
EU-specific vulnerability disclosure best practices
Implementation Guidance:
Follow ENISA guidance for coordinated vulnerability disclosure in EU context
Mapped Obligations:
- ENISA must establish and maintain a single reporting platform for vulnerability and incident notifications
- CSIRTs must notify market surveillance authorities of actively exploited vulnerabilities and severe incidents
- ENISA must implement security measures to protect the platform and notify any security incidents
Article 18: Authorised representatives
Incident management best practices
Implementation Guidance:
Follow ENISA guidance for incident handling and reporting
Article 21: Cases in which obligations of manufacturers apply to importers and distributors
Supply chain security attack mitigation
Implementation Guidance:
Understand and mitigate supply chain attack vectors
Article 24: Obligations of open-source software stewards
Risk assessment methodologies
Implementation Guidance:
Apply ENISA risk assessment frameworks appropriate to your domain
Quick Information
- Organization: ENISA
- Category: EU Cybersecurity Guidance
- Certification: Not available