Definition and purpose

The primary purpose of ETSI TC Cyber is to provide a coordinated approach to the complex challenge of securing modern information and communication systems. This committee is tasked with creating security standards that are applicable across a broad range of technologies and industries, ensuring a secure digital environment for businesses, governments, and consumers.

Governing Body

ETSI TC Cyber operates under the auspices of the European Telecommunications Standards Institute (ETSI), which is an independent, not-for-profit standardization organization in the telecommunications industry.

Last updated

ETSI TC Cyber is an active committee, and its work items, including standards and technical reports, are continuously being developed and updated. Its most recent publication, ESTI TS 103 732-1 V2.1.1 was published in October 2023.

Applies to

The standards and technical specifications developed by ETSI TC Cyber apply to a wide range of industries and sectors that use ICT, including telecommunications, financial services, health care, transport, and energy, among others.

Controls and requirements

As a standards-developing body, ETSI TC Cyber's output is diverse, covering multiple areas of cybersecurity. Some areas of focus include:

• Privacy by design: Incorporating privacy into ICT from the outset.
• Critical Infrastructure Protection: Developing standards for securing essential services.
• Cybersecurity Certification: Creating frameworks for the certification of ICT products, processes, and services.
• Quantum-Safe Cryptography: Preparing for the impact of quantum computing on cybersecurity.
• Consumer IoT Security: Establishing security guidelines for IoT devices within the consumer market.

Please refer to the official ESTI Cyber committee page for details on controls and requirements.

Audit type, frequency, and duration

Audits related to ETSI TC Cyber standards would typically involve assessing compliance with specific cybersecurity standards and can be performed by internal audit teams or external certification bodies. The frequency of audits would vary depending on the specific standard and the operational practices of the organization but may be influenced by regulatory requirements or industry best practices.

The duration of such audits would depend on the scope of the standard being applied and the size and complexity of the systems or services being audited.