Explore European Union Legislation by Asking a Legal Question
total 6
Regulation (EU, Euratom) 2023/2841 of the European Parliament and of the Council of 13 December 2023 laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union article 13 CELEX: 32023R2841 CERT-EU mission and tasks
1. CERT-EU’s mission shall be to contribute to the security of the unclassified ICT environment of Union entities by advising them on cybersecurity, by helping them to prevent, detect, handle, mitigate, respond to and recover from incidents and by acting as their cybersecurity information exchange and incident response coordination hub.

2. CERT-EU shall collect, manage, analyse and share information with the Union entities on cyber threats, vulnerabilities and incidents in unclassified ICT infrastructure. It shall coordinate responses to incidents at interinstitutional and Union entity level, including by providing or coordinating the provision of specialised operational assistance.

3. CERT-EU shall carry out the following tasks to assist the Union entities:
(a) support them with the implementation of this Regulation and contribute to the coordination of the implementation of this Regulation through the measures listed in Article 14(1) or through ad-hoc reports requested by the IICB;
(b) offer standard CSIRT services for Union entities by means of a package of cybersecurity services described in its service catalogue (baseline services);
(c) maintain a network of peers and partners to support the services as outlined in Articles 17 and 18;
(d) bring to the attention of the IICB any problems relating to the implementation of this Regulation and the implementation of guidelines, recommendations and calls for action;
(e) on the basis of the information referred to in paragraph 2, contribute to the Union cyber situational awareness in close cooperation with ENISA;
(f) coordinate the management of major incidents;
(g) act on the part of Union entities as the equivalent of the coordinator designated for the purposes of coordinated vulnerability disclosure pursuant to Article 12(1) of Directive (EU) 2022/2555;
(h) provide, upon the request of a Union entity, proactive non-intrusive scanning of publicly accessible network and information systems of that Union entity.
The information referred to in the first subparagraph, point (e), shall be shared with the IICB, the CSIRTs network and the European Union Intelligence and Situation Centre (EU INTCEN), where applicable and appropriate, and subject to appropriate confidentiality conditions.

4. CERT-EU may, in accordance with Article 17 or 18 as appropriate, cooperate with relevant cybersecurity communities within the Union and its Member States, including in the following areas:
(a) preparedness, incident coordination, information exchange and crisis response at the technical level on cases linked to Union entities;
(b) operational cooperation regarding the CSIRTs network, including with regard to mutual assistance;
(c) cyber threat intelligence, including situational awareness;
(d) on any topic requiring CERT-EU’s technical cybersecurity expertise.

5. Within its competence, CERT-EU shall engage in structured cooperation with ENISA on capacity building, operational cooperation and long-term strategic analyses of cyber threats in accordance with Regulation (EU) 2019/881. CERT-EU may cooperate and exchange information with Europol’s European Cybercrime Centre.

6. CERT-EU may provide the following services not described in its service catalogue (chargeable services):
(a) services that support the cybersecurity of Union entities’ ICT environment, other than those referred to in paragraph 3, on the basis of service level agreements and subject to available resources, in particular broad-spectrum network monitoring, including first-line 24/7 monitoring for high-severity cyber threats;
(b) services that support cybersecurity operations or projects of Union entities, other than those to protect their ICT environment, on the basis of written agreements and with the prior approval of the IICB;
(c) upon request, a proactive scanning of the network and information systems of the Union entity concerned to detect vulnerabilities with a potential significant impact;
(d) services that support the security of their ICT environment to organisations other than the Union entities that cooperate closely with Union entities, for instance by having tasks or responsibilities conferred under Union law, on the basis of written agreements and with the prior approval of the IICB.
With regard to the first subparagraph, point (d), CERT-EU may, on an exceptional basis, enter into service level agreements with entities other than the Union entities with the prior approval of the IICB.

7. CERT-EU shall organise and may participate in cybersecurity exercises or recommend participation in existing exercises, where applicable in close cooperation with ENISA, to test the level of cybersecurity of the Union entities.

8. CERT-EU may provide assistance to Union entities regarding incidents in network and information systems handling EUCI where it is explicitly requested to do so by the Union entities concerned in accordance with their respective procedures. The provision of assistance by CERT-EU under this paragraph shall be without prejudice to applicable rules concerning the protection of classified information.

9. CERT-EU shall inform Union entities about its incident handling procedures and processes.

10. CERT-EU shall contribute, with a high level of confidentiality and reliability, via the appropriate cooperation mechanisms and reporting lines, relevant and anonymised information about major incidents and the manner in which they were handled. That information shall be included in the report referred to in Article 10(14).

11. CERT-EU shall, in cooperation with the EDPS, support the Union entities concerned when addressing incidents resulting in personal data breaches, without prejudice to the competence and tasks of the EDPS as a supervisory authority under Regulation (EU) 2018/1725.

12. CERT-EU may, if expressly requested by Union entities’ policy departments, provide technical advice or input on relevant policy matters.