ETSI TC Cyber
ETSI TC Cyber is a Technical Committee within the European Telecommunications Standards Institute (ETSI) that focuses on standardization in the area of cybersecurity. Its work involves developing standards, technical specifications, and reports to ensure high levels of security for Information and Communication Technology (ICT) services, equipment, and infrastructures.
Definition and purpose
The primary purpose of ETSI TC Cyber is to provide a coordinated approach to the complex challenge of securing modern information and communication systems. This committee is tasked with creating security standards that are applicable across a broad range of technologies and industries, ensuring a secure digital environment for businesses, governments, and consumers.
ETSI TC Cyber operates under the auspices of the European Telecommunications Standards Institute (ETSI), which is an independent, not-for-profit standardization organization in the telecommunications industry.
ETSI TC Cyber is an active committee, and its work items, including standards and technical reports, are continuously being developed and updated. Its most recent publication, ESTI TS 103 732-1 V2.1.1 was published in October 2023.
The standards and technical specifications developed by ETSI TC Cyber apply to a wide range of industries and sectors that use ICT, including telecommunications, financial services, health care, transport, and energy, among others.
Controls and requirements
As a standards-developing body, ETSI TC Cyber's output is diverse, covering multiple areas of cybersecurity. Some areas of focus include:
- Privacy by design: Incorporating privacy into ICT from the outset.
- Critical Infrastructure Protection: Developing standards for securing essential services.
- Cybersecurity Certification: Creating frameworks for the certification of ICT products, processes, and services.
- Quantum-Safe Cryptography: Preparing for the impact of quantum computing on cybersecurity.
- Consumer IoT Security: Establishing security guidelines for IoT devices within the consumer market.
Please refer to the official ESTI Cyber committee page for details on controls and requirements.
Audit type, frequency, and duration
Audits related to ETSI TC Cyber standards would typically involve assessing compliance with specific cybersecurity standards and can be performed by internal audit teams or external certification bodies. The frequency of audits would vary depending on the specific standard and the operational practices of the organization but may be influenced by regulatory requirements or industry best practices.
The duration of such audits would depend on the scope of the standard being applied and the size and complexity of the systems or services being audited.