Development and validation of processes and tools used for agile certification of ICT products, ICT services and ICT processes
European Comission
ExpectedOutcome :
Projects are expected to contribute to at least three of the following outcomes:
- Availability of applicable tools and procedures for partial and continuous assessment and lean re-certification of ICT products, ICT services and ICT processes ;
- Reduction of time and efforts spent for (re-) certifying ICT products, ICT services and ICT processes ;
- Improved stakeholder collaboration on cybersecurity certification information, including manufacturers and end users from different Member States;
- Efficient (re-)use of information and evidence relevant to certification and in support of multi-scheme (re-)use;
- Integration of certification on the whole system modelling, verification, testing and verification process
- Increased comparability of assurance statements arising from certification schemes and the standards used therein; avoidance of multi-certification;
- Advancing test and simulation facilities, including incident and threat analysis;
- Increased Digital Twin capabilities for continuous assessment and integration of new solutions.
The proposal should provide appropriate indicators to measure its progress and specific impact.
Scope :
In order to foster the application of security standards, agile certification and continuous assessment of cyber resilience systems, actions will cover the harmonising, packaging and distributing of certification processes for contemporary ICT products, services, and processes but to new and disruptive technologies as well, such as AI and High Performance Computing.
To support cybersecurity autonomy of the EU, approaches concerning a dynamic, real time, collaborative vulnerability testing and information sharing should be developed and build on existing resources (including the work carried out in preparation of the EU cybersecurity certification framework, as established by the EU Cybersecurity Act) . The resources may range from tools, procedures, practices, and information sources, such as checklists, flaw repositories deployment and configuration guidance, and impact assessments posted by European industries, manufacturers, developers, CSIRTs, ISACs (Information Sharing and Analysis Centres), or national and international authorities (e.g. NIST, JVN) and relevant standards.
The actions should aim at improving certification processes, tools, evidence presentation and assurance statements, at least in quantifiable terms, where relevant by relying on a suitable IT security metric and should complement or aid other certifications relevant in other sectors or risk scenarios.
In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.
Specific Topic Conditions :
Activities are expected to achieve TRL 7 by the end of the project – see General Annex B.
Cross-cutting Priorities :
Digital Agenda Artificial Intelligence
General conditions
- Admissibility conditions: described in Annex A and Annex E of the Horizon Europe Work Programme General Annexes
Proposal page limits and layout: described in Part B of the Application Form available in the Submission System
- Eligible countries: described in Annex B of the Work Programme General Annexes
A number of non-EU/non-Associated Countries that are not automatically eligible for funding have made specific provisions for making funding available for their participants in Horizon Europe projects. See the information in the Horizon Europe Programme Guide .
3 . Other eligibility conditions: described in Annex B of the Work Programme General Annexes
Some activities, resulting from this topic, may involve using classified background and/or producing of security sensitive results (EUCI and SEN). Please refer to the related provisions in section B Security — EU classified and sensitive information of the General Annexes.
Financial and operational capacity and exclusion: described in Annex C of the Work Programme General Annexes
Evaluation and award:
Award criteria, scoring and thresholds are described in Annex D of the Work Programme General Annexes
Submission and evaluation processes are described in Annex F of the Work Programme General Annexes and the Online Manual
Indicative timeline for evaluation and grant agreement: described in Annex F of the Work Programme General Annexes
- Legal and financial set-up of the grants: described in Annex G of the Work Programme General Annexes
Specific conditions
- Specific conditions: described in the [specific topic of the Work Programme]
Documents
Call documents:
Standard application form (HE RIA, IA) — call-specific application form is available in the Submission System
Standard evaluation form (HE RIA, IA) — will be used with the necessary adaptations
HE General MGA v1.0 - MGA
Additional documents:
HE Main Work Programme 2021–2022 – 1. General Introduction
HE Main Work Programme 2021–2022 – 6. Civil Security for Society
HE Main Work Programme 2021–2022 – 13. General Annexes
HE Programme and Rules for Participation Regulation 2021/695
HE Specific Programme Decision 2021/764
Rules for Legal Entity Validation, LEAR Appointment and Financial Capacity Assessment
EU Grants AGA — Annotated Model Grant Agreement
Funding & Tenders Portal Online Manual