CCAT

Cybersecurity regulations are becoming increasingly complex. The Cybersecurity Act (CSA) introduces an EU-wide cybersecurity certification framework, while the Cyber Resilience Act (CRA) sets mandatory cybersecurity requirements for products with digital components. A reliable and flexible set of tools is essential for continuous security assessment and navigating these evolving regulations.

In the CCAT project, we propose adapting four open-source tools, developed in academic cybersecurity research, to support the implementation of new regulations:

• TLS-Scanner for assessing security in TLS clients and servers;
• SCRUTINY for evaluating cryptographic implementations, software libraries, and hardware, including black-box setups; (3) ALVIE for testing embedded security architectures against vulnerabilities;
• sec-certs for analysing certification landscapes and evaluating the relationships between certified products and actual vulnerabilities.

CCAT will enhance these tools to meet the needs of various users involved in or dependent on cybersecurity assessment and certification. The CCAT methodology builds upon:

• Relevant feedback for purpose-driven enhancements enabled by collaboration with users applying the CCAT tools in diverse application scenarios.
• Robust usable security research exploring and collaboratively improving user interaction with the tools.
• Aligning the tools with the emerging EU security certification landscape.

CCAT tools aim to empower both ICT producers and consumers, fostering a more transparent, accountable, and resilient digital environment. Regulatory bodies can use these tools to assess the effectiveness of cybersecurity certifications, verify the security of specific implementations, and ensure the EU digital single market cybersecurity.

The Cybersecurity Certification and Assessment Tools (CCAT) project is an Innovation Action under the Horizon Europe program (HORIZON-IA, topic: HORIZON-CL3-2024-CS-01-01 – Approaches and tools for security in software and hardware development and assessment) with a total budget of €4,223,156.08. More about the project: https://cordis.europa.eu/project/id/101225878.

The project funded under Grant Agreement No. 101225878 is supported by the European Cybersecurity Competence Centre.

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.

Coordinator Contact:
prof. Václav Matyáš
matyas@fi.muni.cz

The University of Tartu Contact:
Gular Samadova
gular.samadova@ut.ee