Information Assurance (IA) in the field of communication and information systems is the confidence that such systems will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users. Effective IA shall ensure appropriate levels of confidentiality, integrity, availability, non-repudiation and authenticity. IA shall be based on a risk management process.
Where the protection of European Union Classified Information (EUCI) is provided by cryptographic products, such products shall be approved as follows:
- (a) the confidentiality of information classified SECRET UE/EU SECRET and above shall be protected by cryptographic products approved by the Council as Crypto Approval Authority (CAA), upon recommendation by the Security Committee;
- (b) the confidentiality of information classified CONFIDENTIEL UE/EU CONFIDENTIAL or RESTREINT UE/EU RESTRICTED shall be protected by cryptographic products approved by the Secretary-General of the Council as CAA, upon recommendation by the Security Committee.
Here is the List of Approved Cryptographic Products (LACP)
Unintentional Electromagnetic Emanations Protection
CIS handling information classified CONFIDENTIEL UE/EU CONFIDENTIAL and above shall be protected in such a way that the information cannot be compromised by unintentional electromagnetic emanations (TEMPEST security measures).
Council of the European Union (GSC) has decided to establish a list of EU accredited TEMPEST companies in order to react to the fast changing technology in the IT-world and to to gradually transform the traditionally product-oriented approach into a more company-oriented method.
The list covers both parent and subsidiary companies, which are located in an EU Member State and are involved in the development, testing, production, sales, support and/or maintenance of TEMPEST equipment complying with the EU TEMPEST standard IASG 7-03 level A, B or C or EU TEMPEST standard IASG 7-02 Equipment Zone 1 or 2.
The list is not limited to companies having the full range of facilities and knowledge in-house for making TEMPEST equipment; companies responsible for parts of this process might also fall within its scope, e.g. a company offering only TEMPEST testing, or a company producing the TEMPEST equipment and only doing production short tests after another company has developed a certified prototype, might also be included.
Here is the List of Accredited TEMPEST Companies