The National Cybersecurity Certification Authority of Cyprus (NCCA) is pleased to share an important milestone in European cybersecurity certification. The publication of the Vulnerability Handling Guidance for the EUCC.

This document is the result of extensive collaboration within the European Union Agency for Cybersecurity (ENISA) Thematic Group on Vulnerability Handling on Certified Solutions (TG VHCS). Since the launch of this initiative in 2023, experts have engaged in in-depth technical discussions and continuous refinements to ensure the guidance upholds the highest cybersecurity standards. Cyber threats are constantly evolving, and vulnerabilities in digital products can lead to serious security incidents if not addressed effectively. The Vulnerability Handling Guidance provides a structured and standardized approach to vulnerability management, ensuring that certified solutions remain secure even after certification.

We sincerely thank all TG VHCS members and stakeholders who dedicated their time, knowledge, and efforts to shaping this document. In addition to the efforts of the TG VHCS, this guidance was reviewed at the European Cybersecurity Certification Group (ECCG) level, where national certification authorities including the NCCA provided valuable insights. With the ECCG’s official endorsement, this document marks a significant step forward in reinforcing the EUCC framework.

The NCCA remains committed to advancing cybersecurity certification and collaborating with the broader European cybersecurity community to enhance security and resilience across the EU.

More details on the EUCC Guidance on Vulnerability Handling can be found at the ENISA official certification website.