ENISA Seeks Top-Level Role in U.S.-Funded CVE Program to Enhance Cybersecurity Coordination

What's Happening? The European Union's Cybersecurity Agency, ENISA, is working to strengthen its involvement in the U.S.-funded Common Vulnerabilities and Exposures (CVE) program. Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, announced at VulnCon26 in Sco

Summarized by AI ⓘ

AI & New Tech

SEE ALL

Trendline

Forbes 2026 AI 50 List Highlights Shift to AI Independence and Efficiency

Trendline

AMD to Re-Launch Ryzen 7 5800X3D Processor in 2026 to Celebrate AM4's 10th Anniversary

Trendline

MMD to Spearhead Global Deployment of TraxIQ Material Handling Solution

What is the story about?

What's Happening?

The European Union's Cybersecurity Agency, ENISA, is working to strengthen its involvement in the U.S.-funded Common Vulnerabilities and Exposures (CVE) program. Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, announced

at VulnCon26 in Scottsdale, Arizona, that the agency is being onboarded by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to become a top-level root CVE Numbering Authority (TL-Root CNA). This status would allow ENISA to manage the CVE Program alongside CISA and MITRE, setting global policies and ensuring consistency across all Root CNAs and CNAs. ENISA aims to achieve this status by 2026 or early 2027. The agency has been a CVE Numbering Authority since 2024 and a root CNA since 2025, overseeing and coordinating multiple CNAs within Europe.

Why It's Important?

ENISA's potential elevation to a TL-Root CNA status is significant as it would enhance Europe's role in global cybersecurity efforts. This move aligns with the CVE Program's strategy to diversify and internationalize its operations. Currently, only a small fraction of the 502 CNAs are based in Europe, and ENISA's involvement could increase European representation. This development is crucial as the volume and complexity of cybersecurity vulnerabilities grow, necessitating broader international cooperation. By becoming a TL-Root CNA, ENISA would gain more operational leverage and influence in policy and administrative decision-making, potentially leading to more robust cybersecurity measures across Europe and globally.

What's Next?

ENISA is actively onboarding new CNAs, focusing on national computer emergency response teams (CERTs) and computer security incident response teams (CSIRTs) in Europe. The agency is also expanding its team to support its increased role in the CVE Program. The onboarding process for TL-Root CNA status is unprecedented, as CISA and MITRE have been the sole operators since the program's inception. ENISA aims to complete this process by 2026 or early 2027, which would mark a significant milestone in international cybersecurity collaboration.