
New BSI Standards

Please be advised that a New Work Item Proposal has been loaded to the BSI Standards Development Portal for comment. We hope this will assist in increasing awareness of the Standards Development Portfolio.  

Any comments received will be submitted to IST/33 – Information security, cybersecurity, for consideration when deciding the UK response to CEN.  

Proposal: CEN/CLC/JTC 13 N 507 Multi-layered approach for a set of requirements for information/cyber security controls for Cloud Services. 

Please visit http://standardsdevelopment.bsigroup.com/projects/9021-05456

Comment period end date: 18/05/2021 

Scope 

This Technical Specification (TS) provides a set of information security requirements for information/cyber security controls for Cloud Services.

This TS is applicable for organizations providing cloud services and their subservice organizations. 

Purpose 

ENISA is developing several certification schemes based on the provisions stated in the Cybersecurity Act (CSA). One of these schemes will address information security aspects for companies providing cloud services within the European Union. The current draft for this certification scheme includes an Annex stating mandatory requirements for these Cloud Service Providers. 

It is the shared understanding of ENISA and CEN-CLC JTC13 that this Annex should not be part of the certification scheme itself but rather be a European standard which will be referred to by the certification scheme.

These controls and their requirements shall be determined by a risk management approach, and be updated regularly or whenever needed. 

Therefore, it is necessary for CEN-CLC JTC13 to take the existing Annex provided by ENISA, transfer it into a draft for a Technical Specification, and use its established procedures to develop such a Technical Specification.

Proposal: CEN/CLC/JTC 13 N 502, Revision of EN ISO/IEC 27002 Information security, cybersecurity and privacy protection — Information security controls. 

Please visit http://standardsdevelopment.bsigroup.com/projects/9021-05453 

Comment period end date: 15/05/2021 

Scope 

This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations: 

a) within the context of an ISMS based on ISO/IEC 27001; 

b) for implementing information security controls based on internationally recognized best practices; 

c) for developing their own information security management guidelines. 

Purpose

ISO/IEC 27002 is a widely recognised standard within the 2700x ISMS family of standards. The international standard ISO/IEC 27002 is currently under revision; therefore the EN ISO/IEC 27002:2017 is proposed for revision to harmonize with the new version of the international standard.

Proposal: CEN/CLC/JTC 13 N 508 Requirements for Conformity Assessment Bodies certifying Cloud Services. 

Please visit http://standardsdevelopment.bsigroup.com/projects/9021-05451 

Comment period end date: 18/05/2021 

Scope 

This TS provides requirements and ISO/IEC 17065 interpretations for Conformity Assessment Bodies (CABs) assessing Cloud Services.

This TS is intended to be used by the National Accreditation Bodies (NABs), as well as CABs. 

Purpose 

This NWI intends to answer the ENISA request to JTC13 given in document JTC13 N484, in particular by providing a new Technical Specification that addresses interpretations and specifics of the accreditation assessment process as an extension to ISO/IEC 17065 that suits the requirements for Conformity Assessment Bodies (CABs) assessing Cloud Services for the candidate Cloud Services Scheme defined by ENISA (EUCS).

This TS aims to achieve harmonisation in the effective implementation of the EUCS, by providing common accreditation baseline requirements and assessment criteria when accrediting those CABs that are to issue EUCS certificates. Users of this TS are expected to be both the National Accreditation Bodies (NABs) and CABs.

This TS is intended to be widely applicable. 

If you have any comment or need more information, please contact Sami Ortiz at sami.ortiz@mta.org.uk