Publications

The Charter of Trust presents this Manifesto as a call to action for Policymakers to join forces in the pursuit of a secure and resilient digital environment. As a collective of leading technology, cybersecurity, and industry stakeholders, we believe that a united and collaborative approach is essential for effectively combating cyber threats that endanger the security, privacy, and prosperity of our societies.
Our vision is to establish a strong, secure, and resilient digital Europe that fosters innovation, economic growth, and social progress while protecting individual rights and safeguarding the values of a democratic society.

This document highlights the significance of caution and due diligence in relation to cyber risks when processes and value chains are supported by digital technology to improve efficiency. As digitalization progresses, such risks exist in products which are combined to systems and networks in the IT but also in the OT world. The intent of this document is to offers practical guidance to risk management based on the experience and expertise of the members of the Charter of Trust P3 Task Force.

The purpose of this document is to provide additional information on a step-by-step approach for achieving secure development lifecycle, in addition to the Phase 1 and Phase 2 baseline requirements. The document aims to provide a deep dive into the topic of secure development lifecycle and define best practices for achieving the same. This includes the following steps: identifying the basic steps for a development lifecycle model and developing best practices for a secure development lifecycle.

How can companies increase the cybersecurity awareness of their employees? AES shares their take on implementing new and innovative training model that drives engagement.

How can companies ramp up their cybersecurity capacities and upgrade skills to provide a confident response to incidents? IBM shares their take on how they trained their customers to be proactive responders in a new Charter of Trust Principle Use Case.

How can companies cooperate to improve their supply chain security? Mitsubishi shares their take on developing a joint approach among partners to establish common cybersecurity awareness practices in a new Chater of Trust Principle Use Case.

What are the main challenges and opportunities of Threat Intelligence sharing? Atos shares their take on bringing together experts from various partners and why this is a smart move.

What approach can businesses take to resolving problems concerning Artificial Intelligence? Bosch details their experience based on the VCIO approach. Learn more in their Principle Use Case.

How to keep employees aware of cyber risks and up-to-date with how to self-protect against cyber-attacks? Learn from Allianz as they share their best practices in a #UseCase under Charter Of Trust principle 6 "Education".

Security risks with IoT devices are varied and diverse. On this, NXP shares their solution, in particular regarding the implementation of the high security standards for both critical suppliers and own products.

Drawing from experience, Siemens shares its best practices and lessons learned concerning improving a cybersecurity posture.

17 Baseline Requirements aimed at enabling security into the design of processes, operations and architectures.

In its White Paper 2021, the Charter of Trust Principle 6 Education Taskforce shares practical advice on how to create a cybersafe culture based on the experience of CoT leaders. To this end, the paper outlines seven key recommendations for industry and government, which at the same time are a joint commitment of CoT Partners and Associated Partners.

The objective of this Explanatory Document is to provide additional information on the Phase 2 “Processes, Operations, Architectures” Baseline Requirements.

The objective of this Explanatory Document is to define the critical cybersecurity requirements needed to deliver secure products, processes, services and business models.

Baseline Requirements aimed at enabling security into the design of products, functionalities and technologies.

The current COVID 19 crisis has led to an exponential increase in the numbers of WFH – people working from home – to safeguard public health. At the same time, there is an increased risk in terms of Cybersecurity.

Responsibility throughout the digital supply chain
Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as
– Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
– Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
– Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable life cycle for their products, systems, and services via a secure update mechanism.

Based on this statement, the CoT members developed a common risk-based approach aligned with international norms to help improve cybersecurity and provide visibility through the supply chain. Three elements form this risk-based approach:
– Baseline requirements are common for all digital suppliers and define the fundamentals that a supplier must address in order to ensure the cybersecurity foundations for their product/service
– Supplier criticality Digital suppliers have different criticalities depending on risk factors, which are also dependent on the context viewed by the purchaser
– Verification Verification to the baseline requirements is dependent on the criticality of the supplier

The purpose of this document is to describe such a risk-based approach and its impact on the digital supply chain with a focus on the various stakeholders throughout the digital supply chain.

How to protect your business effectively: specific measures for small and medium-sized enterprises.