Re: 4 letters covers it
Indeed, and GCHQ's CESG.
But ENISA seem to have picked quite the elephant-
This is a framework that will allow certifying authorities to certify everything from lightbulbs, toasters to atomic stations and submarines. And processes and services,”
That's.. a pretty broad remit, and somehow I doubt the UK, France, Germany, Netherlands etc would be too keen on detailed information sharing about their subs. Like our nice new Astutes, or Trident replacement. I'm pretty sure national authorities would prefer to self-certify their security given the sensitivity.
It's a nice idea though, but not necessarily new, ie the EAL1-7 rating for IT components.. But it's one of those wicked problems given the complexity and potential overlap with other existing standards, like BSxxxx for safety/functionality and other ISO activities.
But such is politics. Crete's a nice place to work, but not the cheapest location given the amount of travel that'll probably be needed. Unless the EU wants to block itself off from the rest of the world via certification barriers, it'll need to work with the UK, US, Israel, Turkey, China etc etc.