FantasticSearch

1. CERT-EU shall support the implementation of this Regulation by issuing:

(a) calls for action describing urgent security measures that Union entities are urged to take within a set timeframe;

(b) proposals to the IICB for guidelines addressed to all or a subset of the Union entities;

(c) proposals to the IICB for recommendations addressed to individual Union entities. With regard to the first subparagraph, point (a), the Union entity concerned shall, without undue delay after receiving the call for action, inform CERT-EU of how the urgent security measures were applied.

2. Guidelines and recommendations may include:

(a) common methodologies and a model for assessing the cybersecurity maturity of the Union entities, including the corresponding scales or KPIs, serving as reference in support of continuous cybersecurity improvement across the Union entities and facilitating the prioritisation of cybersecurity domains and measures taking into account entities’ cybersecurity posture;

(b) arrangements for or improvements to cybersecurity risk management and the cybersecurity risk-management measures;

(c) arrangements for cybersecurity maturity assessments and cybersecurity plans;

(d) where appropriate, the use of common technology, architecture, open source and associated best practices with the aim of achieving interoperability and common standards, including a coordinated approach to supply chain security;

(e) where appropriate, information to facilitate the use of common procurement instruments for the purchasing of relevant cybersecurity services and products from third-party suppliers;

(f) information-sharing arrangements pursuant to Article 20.