Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Implementation of the certification process
The figure above shows how the certification process works on the national level.
A certificate can be obtained from a Conformity Assessment Body (CAB) or, if the possibility is provided, via a conformity self-assessment.
- A scheme may allow conformity self-assessments (1). This means that a manufacturer or provider performs their own evaluation of whether their ICT product, service or process satisfies the security conditions of a specific scheme. If it does, the manufacturer or provider can get certification. Not every scheme will give this option. If it does, this is only for the ‘basic’ level. Currently only the EUCS provides self-assessment for the security level ‘basic’.
- BELAC, which is Belgium's national accreditation body (NAB) (2), accredits a Conformity Assessment Body (CAB) for a maximum of 5 years for a certain scheme.
An accredited CAB can certify a manufacturer or service provider for their ICT products, services or processes that satisfy the security conditions of the scheme for which certification is being requested. If the manufacturer or service provider does not satisfy the conditions, and the certificate is (temporarily) declined by a CAB, the manufacture can submit a claim to the CCB.
Through the Cybersecurity Act, it is possible that a non-Belgian CAB with an office in Belgium can request accreditation from BELAC. This then falls under Belgian control. Currently, Belgium favours a full or partial delegation to BELAC-accredited CABs for the European cybersecurity certificates with the “high” assurance level.