This SSP focuses on reviewing draft standards under development to support the standardization request linked to the Cyber Resilience Act (CRA) through a dedicated SME perspective. The goal is to identify where the text may create unnecessary burdens for SMEs or where clarity, feasibility, or proportionality can be improved.
- Requested topics
Review of the draft standards and guidelines for SMEs are requested for the following topics of the CRA standardisation request:
- VERTICAL STANDARDS FOR SECURITY - 17. Standards on essential cybersecurity requirements for standalone and embedded browsers
- VERTICAL STANDARDS FOR SECURITY - 19. Standards on essential cybersecurity requirements for software that searches for malicious software
- VERTICAL STANDARDS FOR SECURITY - 20b Security for Operational Technologies - Part 4: Security Profile for products with digital elements with the function of virtual private network (VPN)
- VERTICAL STANDARDS FOR SECURITY - 21b Security for Operational Technologies - Part 2: Security Profile for network management systems (based on EN IEC 62443)
- VERTICAL STANDARDS FOR SECURITY - 22b Security for Operational Technologies - Part 6: Security Profile for security information and event management (SIEM) systems (based on EN IEC 62443)
- VERTICAL STANDARDS FOR SECURITY - 25b Security for Operational Technologies - Part 3: Security Profile for physical and virtual network interfaces (based on EN IEC 62443)
- VERTICAL STANDARDS FOR SECURITY - 26. Standards on essential cybersecurity requirements for operating systems
- VERTICAL STANDARDS FOR SECURITY - 27. Standards on essential cybersecurity requirements for routers, modems for the connection to internet, switches
- VERTICAL STANDARDS FOR SECURITY - 27b Security for Operational Technologies - Part 5: Security Profile for routers, modems intended for the connection to the internet, and switches (based on EN IEC 62443)
- VERTICAL STANDARDS FOR SECURITY - 30. Standards on essential cybersecurity requirements for ASIC and FPGA with security-related functionalities
- VERTICAL STANDARDS FOR SECURITY - 31. Standards on essential cybersecurity requirements for smart home general purpose virtual assistants
- VERTICAL STANDARDS FOR SECURITY - 32. Standards on essential cybersecurity requirements for smart home products with security functionalities
- VERTICAL STANDARDS FOR SECURITY - 33. Standards on essential cybersecurity requirements for internet connected toys covered by Directive 2009/48/EC
- VERTICAL STANDARDS FOR SECURITY - 34. Standards on essential cybersecurity requirements for personal wearable products to be worn on a human body with health monitoring purpose
- VERTICAL STANDARDS FOR SECURITY - 35. Standards on essential cybersecurity requirements for hypervisors and container runtime systems
- VERTICAL STANDARDS FOR SECURITY - 36b Security for Operational Technologies - Part 1: Security Profile for firewalls and intrusion detection and prevention systems (based on EN IEC 62443)
- VERTICAL STANDARDS FOR SECURITY - 40. Standards on essential cybersecurity requirements for smart meter gateways within smart metering systems