What are the necessary competencies that will need to be developed in order to comply with Part-IS?
Answer
In order to develop the list of competencies, an organisation may use, as initial guidance, an existing cybersecurity competency framework such as the National Initiative for Cybersecurity Education (NICE) based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).
In Appendix II to the published Acceptable Means of Compliance and Guidance Material (AMC & GM) to Part-IS, the main tasks of Part-IS are listed and mapped to the competencies derived from the NIST CSF. More information may be found in the AMC & GM to Part-IS. Moreover, entities may utilise the material of the European Cybersecurity Skills Framework (ECSF) that is published by ENISA. EASA has therefore produced a document with the objective of providing a high-level case study of the application of the ECSF in aviation for the implementation of Part-IS.
More information and the actual document may be found here.