CenturyLink can assist with ENISA compliance.

ENISA

The European Union Agency for Network and Information Security (ENISA) is a center of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU.

ENISA's Role

ENISA plays a key role in the implementation of the Framework directive (2002/21/EC as amended by 2009/140/EC) and Article 13a in particular. ENISA is mentioned in the preambles of the Framework directive:

  • Preamble 44 of the Framework directive asks ENISA to contribute to enhancing the level of security of electronic communications by, among other things, "providing expertise and advice, and promoting the exchange of best practice."
  • Preamble 44 of the Framework directive mentions that ENISA should have the means to carry out the relevant duties and the powers "to obtain sufficient information to assess the level of security of networks and services."
  • Preamble 46 of the Framework directive asks ENISA to contribute to the "harmonization of security measures by providing expert advice."

ENISA is also mentioned in Article 13a of the Framework directive:

  • Paragraph 3 of Article 13a requires National Regulatory Authorities (NRAs) to, when appropriate, inform NRAs in other Member States and ENISA about security incidents.

ENISA has played an important role in giving stakeholders an overview of the information security risks when migrating to the cloud.

ENISA's Objectives

First objective: To implement the incident reporting mandated in Article 13a, i.e. to agree with the Member States on an efficient implementation of pan-European incident reporting, including the processes of ad-hoc reporting about cross-border incidents as well as the annual summary reporting.

Second objective: To support NRAs with the task of ensuring that providers take appropriate security measures and the supervision activities in general, including collecting incident reports nationally, following up on incidents, analyzing and mitigating common root causes, providing guidance to the providers, and so on.

In this way ENISA supports an efficient and harmonized implementation of Article 13a across the EU. Harmonized implementation of legislation is important to create a level playing field and makes it easier for providers and users to operate across different EU countries.

The 2009 ENISA cloud security risk assessment is widely referred to across EU member states and outside the EU. Following up on this assessment, ENISA published an assurance framework for governing the information security risks of moving to the cloud. This assurance framework is being used as the basis for some industry initiatives on cloud assurance. In 2011 ENISA published a report on security and resilience in government clouds.

To evaluate CenturyLink's compliance with ENISA's criteria, customers can refer to CenturyLink's CSA CAIQ version 3.0.1, where ENISA's requirements have been mapped against CSA's control framework.

Related Products

Cloud Services

Hybrid-ready public cloud provides the agility, scalability and security expected from an enterprise-class cloud, backed by an industry leading global network.

Managed Services

Experts at the ready to maintain and administer your cloud deployments. Rapid provisioning, hourly billing, and highly automated.

Managed Security

A full complement of threat prevention, threat management, incident response and analysis services to support your hosted or on-premise enterprise security environments.

Managed Hosting

Maintain complex IT infrastructure and applications with our comprehensive portfolio of managed hosting services, including fully managed networks, servers, storage, operating systems, and security.

Managed Storage & Backups

Gives a range of storage options including data replication and backup/archiving. CenturyLink solutions are secure, affordable and can provide data resilience with up to 5 nines.