{"id":233356,"date":"2026-04-15T11:31:00","date_gmt":"2026-04-15T15:31:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/enisa-seeks-top-tier-status-in-cve-program\/"},"modified":"2026-04-20T10:50:10","modified_gmt":"2026-04-20T14:50:10","slug":"enisa-seeks-top-tier-status-in-cve-program","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/15\/enisa-seeks-top-tier-status-in-cve-program\/","title":{"rendered":"ENISA Seeks Top-Tier Status in CVE Program"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/enisa-europe-seeks-top-level-root\/\">ENISA Seeks Top-Tier Status in CVE Program<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/enisa-europe-seeks-top-level-root\/\">https:\/\/www.infosecurity-magazine.com\/news\/enisa-europe-seeks-top-level-root\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-15 11:31:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>ENISA, the EU\u2019s Cybersecurity Agency, is strengthening its ties with the US-funded Common Vulnerabilities and Exposures (CVE) program, a top leader of the agency has announced.<\/p>\n<p>Invited\u00a0to speak at VulnCon26&#8217;s opening keynote in Scottsdale, Arizona, on April 14, Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at ENISA, revealed that the agency was currently being onboarded by the US Cybersecurity and Infrastructure Security Agency (CISA), sole sponsor of the program, to become a top-level root CVE Numbering Authority (TL-Root CNA).<\/p>\n<p>Speaking to Infosecurity after the session, Carvalho said he hopes the European agency can obtain this status \u201cin 2026 or early 2027.\u201d<\/p>\n<h2><strong>CNA, Root CNA and TL-Root CNA Explained<\/strong><\/h2>\n<p>Only two entities currently hold TL-Root CNA status: CISA, the program\u2019s sponsor, and MITRE, the US-funded nonprofit which runs the program.<\/p>\n<p>ENISA became a CVE Numbering Authority (CNA) \u2013 an organization authorized to assign CVE IDs to vulnerabilities \u2013 in 2024. \u00a0It then became a root CNA \u2013 an organization that oversees and coordinates multiple CNAs within a specific domain or region, onboarding new CNAs and resolving disputes \u2013 in 2025.<\/p>\n<p>With the TL-Root CNA status, ENISA would become a top-level authority with the responsibility to manage the entire CVE Program alongside CISA and MITRE, setting global policies and ensuring consistency across all Root CNAs and CNAs.<\/p>\n<p>Speaking to Infosecurity, Johannes Kaspar Clos, a responsible disclosure and CSIRT collaboration expert who works on CNA service implantation in Carvalho\u2019s team at ENISA, said the agency\u2019s future expended role in the CVE program is not only aimed at more operational leverage but also enhanced power in policy and administrative decision-making.<\/p>\n<p>\u201cAs a Root CNA, we have a bigger operational footprint: we will now onboard new CNAs in Europe instead of MITRE and we are now represented in the Council of Roots helping to shape and operationalize&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/enisa-europe-seeks-top-level-root\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ENISA Seeks Top-Tier Status in CVE Program https:\/\/www.infosecurity-magazine.com\/news\/enisa-europe-seeks-top-level-root\/ Publish Date: 2026-04-15 11:31:00 Source Domain: www.infosecurity-magazine.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":233357,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/8ea909f9-ad16-4fa1-be80-9fe043936cc7.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-233356","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233356"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233356"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233356\/revisions"}],"predecessor-version":[{"id":233358,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233356\/revisions\/233358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/233357"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=233356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}