SYSTEM OF CERTIFICATION OF CYBERSECURITY OF INFORMATION AND COMMUNICATIONS TECHNOLOGIES

Abstract

Cybersecurity of information and communication technologies (hereinafter - ICT) is a key issue for maintaining the functioning and security of the digital economy and public administration in the soon. An important role in the field of cybersecurity is played by the conformity assessment (certification) of cybersecurity. This may apply to the cybersecurity of ICT components, products, equipment, services and processes, to the cybersecurity of cloud services, to the cybersecurity of technological processes, to personal competence in the field of cybersecurity, and so on. Cybersecurity certification rules, procedures, and management establish a certification scheme, and a set of rules and procedures for managing similar or related conformity assessment schemes form a certification system. Creating cybersecurity certification schemes is a priority and relevant today. There are now a number of systems and assessment standards that can be applied to cybersecurity certification, but they do not ensure mutual recognition of test laboratory test and evaluation procedures and results, and the pursuit of harmonized and comparable cybersecurity assessment and implementation procedures. This situation is a global problem. Accordingly, the current legislation of Ukraine in the field of cybersecurity sets tasks for the application of the best international and European principles of conformity assessment of information and cybersecurity. The creation of cybersecurity certification systems and schemes based on international and European principles of conformity assessment requires appropriate scientific and methodological support. The article proposes a hierarchical model of assessment standards for the cybersecurity certification system and a hierarchical model of agreements on mutual recognition of cybersecurity certificates. Also, in the article, based on these models, the basics of the Cyber ​​Security Certification System and Cyber ​​Security Certification Schemes for ICT products and cloud services are proposed, with an emphasis on such elements as: assessment standards; accreditation of certification bodies; mutual recognition of certification results