Aivo Kalu

Title of proposal

Developing vertical security standard for hardware devices for security boxes (HSM)

CRA Standards

Vertical standards for security requirements


What does the work you will carry out for the CYBERSTAND SSP consist of?

My everyday work is related to eIDAS and EU digital identity wallets. However, as always, there are interconnections. Cryptographic operations of the EUDI wallet are envisioned to rely on a specific new abstract component, called WSCA (Wallet Secure Cryptographic Application) and WSCD (Wallet Secure Cryptographic Device), which may be implemented by an HSM (Hardware Security Module) or "Hardware Device with Security Box", as the CRA calls them. Therefore, EUDIW components have connection points with the CRA essential requirements as well, and I will have to present those connections clearly to the working group.

What is the expected result and impact of this activity?

My participation in CEN/CENELEC TC224 WG10 will contribute to a vertical security standard for "Hardware Devices with Security Boxes" and ensure that the requirements of end-users, integrators and specific use cases for digital identity will be on the table.

Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?

I'm focussed on products which fall into the category of "Hardware Devices with Security Boxes" and are categorised as "critical products" according to CRA Annex IV.

Full Name
Aivo Kalu
Country
Estonia
Organisation
GraphDefined GmbH
Standards Development Organisation
Working Groups and Technical Committees
CEN/TC 224 WG 17