National Reference Framework for Cyber Security certification scheme
Within the scope of the national cyber security certification and capacity building activities, the National Cyber Security Centre is developing a certification scheme for compliance with the National Reference Framework for Cyber Security (QNRCS), which aims to certify the compliance of the implementation in national public and private candidate organisations of the measures established in the QNRCS for the identification, protection, detection, response, and recovery against the threats that could jeopardise the security of their networks and information systems, as well as their information.
In alignment with the main international standards in this area and the certification schemes under development in the context of the European Framework for Cyber Security Certification, the Certification Scheme for the National Cyber Security Framework (EC QNRCS), comprising an assessment methodology based on the collection of evidence of implementation of the QNRCS measures proposed in the Cyber Security Capabilities Assessment Framework (QACC), establishes the QNRCS in a manner analogous to that of a certifiable standard. DRAFT EC QNRCS
In December 2021, CNCS published the EC QNRCS project and associated documentation to collect comments and suggestions alluding to it.
The process of developing the scheme resulted in a new version of the EC QNRCS and its Annex 5 - Criteria and Audit Decisions, where the aforementioned implementation requirements and respective evidence are defined for the purposes of certification of compliance.
The CNCS publishes today this new version of the draft EC QNRCS and the "Audit Criteria and Decisions", for a second round of collecting comments and suggestions. The remaining associated documentation, which remains available on this page, will still have to be updated depending on the changes produced in the meantime. All contributions will be duly appreciated for the definition of the final versions of the documents, including with regard to the documentation not yet updated.
See the documentation by clicking on the captions:
Certification Scheme Application Form Model and brands Disclosure policy
- Documents available for contributions:
Critérios e decisões de auditoria
- Benchmarks for the certification scheme:
SUBMISSION OF CONTRIBUTIONS
Interested parties are requested to send their contributions, in writing and in Portuguese, by e-mail to the address email@example.com
, preferably by 08 July 2022