Applying EN 18037 for appropriate security level requirements to products with digital elements
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The activities shall support the application of EN 18037 for sectoral risk and cybersecurity assessments and detecting the appropriate security level requirements to products with digital elements in the context of the CRA .
It is planned to provide guidance for setting up the risk assessment context, selecting risk scenarios, identifying requirements to relevant products and documenting assessment results so that the aspects relevant to the CRA are addressed. In addition, a practical application example shall serve as proof of concept.
What is the expected result and impact of this activity?
The activity aims at the following deliverables:
1. Documentation of technical guidance for the application of EN 18037 for sectoral risk and cybersecurity assessments with focus on the needs of ICT product manufacturers, in particular with regard to their obligations defined in the CRA.
2. A technical report documenting the results of a risk and cybersecurity assessments for a specific sectoral system.
By this, ICT product manufacturers should benefit from obtaining sound risk information and requirements concerning their products, in particular with regard to their obligations set out by the CRA. Ideally, they can just reference the information provided by the technical report. In particular for SME, who typically have difficulties to obtain sufficient market intelligence, this should be a significant support.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The activity is related to macro area “Horizontal standards for security requirements”
