ENISA advancement to top-level CVE Numbering Authority status under review
Summary
Hide ▲
Show ▼
The European Union Agency for Cybersecurity (ENISA) is undergoing onboarding to achieve top-level root Common Vulnerabilities and Exposures (CVE) Numbering Authority (TL-Root CNA) status, as announced by Nuno Rodrigues Carvalho, Head of Sector for Incidents and Vulnerability Services at ENISA, during VulnCon26 in Scottsdale, Arizona on April 14, 2026. If granted, ENISA will join CISA and MITRE as the third TL-Root CNA, enabling it to manage the CVE Program alongside them, including global policy setting, consistency enforcement across Root CNAs and CNAs, and representation in the program’s Board. ENISA aims to achieve this status by 2026 or early 2027.
Timeline
-
15.04.2026 18:31 1 articles · 3h ago
ENISA’s onboarding to TL-Root CNA status under CISA review
ENISA is undergoing onboarding by CISA to achieve TL-Root CNA status, which would make it the third entity globally—alongside CISA and MITRE—to manage the CVE Program. The process aims for completion in 2026 or early 2027 and would grant ENISA authority to set global policies, ensure consistency across Root CNAs, and represent European interests in the CVE Program’s Board.
Show sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
Information Snippets
-
ENISA is currently being onboarded by CISA to become a TL-Root CNA, with the process expected to conclude in 2026 or early 2027.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
-
TL-Root CNA status would allow ENISA to manage the CVE Program alongside CISA and MITRE, including setting global policies and ensuring consistency across all Root CNAs and CNAs.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
-
ENISA has been a CNA since 2024 and became a Root CNA in 2025, enabling it to onboard new CNAs in Europe and participate in the Council of Roots.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
-
ENISA’s priorities include onboarding all national CERTs and CSIRTs in the EU to become CNAs, addressing perceived underrepresentation of European entities in the CVE Program.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
-
The CVE Program currently has 502 CNAs, with only 83 based in Europe, reflecting an ongoing push for greater European participation.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31
-
ENISA is actively hiring to expand its team to support the increased workload associated with its expanded role in the CVE Program.
First reported: 15.04.2026 18:311 source, 1 articleShow sources
- European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program — www.infosecurity-magazine.com — 15.04.2026 18:31