FantasticSearch

Definitions For the purposes of this Regulation, the following definitions apply:

(1) ‘cybersecurity’ means the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats;

(2) ‘network and information system’ means a network and information system as defined in point (1) of Article 4 of Directive (EU) 2016/1148;

(3) ‘national strategy on the security of network and information systems’ means a national strategy on the security of network and information systems as defined in point (3) of Article 4 of Directive (EU) 2016/1148;

(4) ‘operator of essential services’ means an operator of essential services as defined in point (4) of Article 4 of Directive (EU) 2016/1148;

(5) ‘digital service provider’ means a digital service provider as defined in point (6) of Article 4 of Directive (EU) 2016/1148;

(6) ‘incident’ means an incident as defined in point (7) of Article 4 of Directive (EU) 2016/1148;

(7) ‘incident handling’ means incident handling as defined in point (8) of Article 4 of Directive (EU) 2016/1148;

(8) ‘cyber threat’ means any potential circumstance, event or action that could damage, disrupt or otherwise adversely impact network and information systems, the users of such systems and other persons;

(9) ‘European cybersecurity certification scheme’ means a comprehensive set of rules, technical requirements, standards and procedures that are established at Union level and that apply to the certification or conformity assessment of specific ICT products, ICT services, ICT processes or managed security services;

(10) ‘national cybersecurity certification scheme’ means a comprehensive set of rules, technical requirements, standards and procedures developed and adopted by a national public authority and that apply to the certification or conformity assessment of ICT products, ICT services, ICT processes or managed security services falling under the scope of the specific scheme;

(11) ‘European cybersecurity certificate’ means a document issued by a relevant body, attesting that a given ICT product, ICT service, ICT process or managed security service has been evaluated for compliance with specific security requirements laid down in a European cybersecurity certification scheme;

(12) ‘ICT product’ means an element or a group of elements of a network or information system;

(13) ‘ICT service’ means a service consisting fully or mainly in the transmission, storing, retrieving or processing of information by means of network and information systems;

(14) ‘ICT process’ means a set of activities performed to design, develop, deliver or maintain an ICT product or ICT service;

(14a) ‘managed security service’ means a service provided to a third party consisting of carrying out, or providing assistance for, activities relating to cybersecurity risk management, such as incident handling, penetration testing, security audits and consulting, including expert advice, related to technical support;

(15) ‘accreditation’ means accreditation as defined in point (10) of Article 2 of Regulation (EC) No 765/2008;

(16) ‘national accreditation body’ means a national accreditation body as defined in point (11) of Article 2 of Regulation (EC) No 765/2008;

(17) ‘conformity assessment’ means a conformity assessment as defined in point (12) of Article 2 of Regulation (EC) No 765/2008;

(18) ‘conformity assessment body’ means a conformity assessment body as defined in point (13) of Article 2 of Regulation (EC) No 765/2008;

(19) ‘standard’ means a standard as defined in point (1) of Article 2 of Regulation (EU) No 1025/2012;

(20) ‘technical specification’ means a document that prescribes the technical requirements to be met by, or conformity assessment procedures relating to, an ICT product, ICT service, ICT process or managed security service;

(21) ‘assurance level’ means a basis for confidence that an ICT product, ICT service, ICT process or managed security service meets the security requirements of a specific European cybersecurity certification scheme, and indicates the level at which an ICT product, ICT service, ICT process or managed security service has been evaluated but as such does not measure the security of the ICT product, ICT service, ICT process or managed security service concerned;

(22) ‘conformity self-assessment’ means an action carried out by a manufacturer or provider of ICT products, ICT services, ICT processes or managed security services, which evaluates whether those ICT products, ICT services, ICT processes or managed security services meet the requirements of a specific European cybersecurity certification scheme.