ETSI & CEN/CLC coordination on edge computing security aspects for CRA std request
Horizontal standards for security requirements
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
Cyber Resilience Act (CRA), recently approved by the Council, is expected to be a game-changer for anyone making, distributing, or importing products with digital elements in the EU. Designed to tackle the rising wave of cyber-attacks, the CRA enforces strict cybersecurity measures across the product lifecycle. From self-assessment to third-party certification, compliance depends on the product’s risk level. With more IoT devices on the market, harmonising these cybersecurity standards is critical.
Standardization related to edge computing security, especially to address EU CRA (Cyber Resilience Act) and related Standardization Requests, is a complex activity, as it involves multiple groups in ETSI and also CEN/CLC coordination.
This project will aim at accelerating the process, with possible contributions on CEI (Cloud, edge and IoT), across different domains and engage relevant industry stakeholders and open source projects.
What is the expected result and impact of this activity?
The activity will target two directions:
1) Standards consolidation in ETSI on edge computing areas (considering the presence of edge computing experts in the different groups, as key aspect for the acceleration)
2) ETSI & CEN/CLC coordination in those areas (considering the current maturity status of the various groups, but also pushing more collaboration and effective organization)
Moreover, presence from European SMEs in this standardization activity will be fostered, by facilitating the participation of key experts coming even from small organizations, but truly engaged in concrete implementation and market deployments. Finally, this project will not only provide the necessary critical mass for contributing to the technical work, but will also amplify the impact and benefits for the European market. In fact, as of note, according to the EC consultation on the CRA, “attention should be given to the inclusion of European stakeholders in the standardisation process, in particular encouraging the participation of SMEs“.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
European standard(s) on essential cybersecurity requirements for virtualized environments, including also underslying infrastruccture, e.g. microprocessors with security-related functionalities.
