Hands-on technical support on supply chain security for products with digital elements
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work for the CYBERSTAND SSP will focus on providing technical contributions to horizontal standards by leveraging real-world best practices and industry insights on SSDLC and SBoM generation. Specifically, this work will involve:
- Technical contribution to Horizontal Standardization
- Engaging with industry stakeholders to gather current best practices, tools, challenges and procedures on SSDLC and SBoM.
- Developing a technical white paper on SBoM best practices, providing recommendations and methodologies to ensure horizontal standards reflect industry reality.
- Presenting the results at dissemination events to raise awareness of the CRA and provide SMEs with technical insights.
What is the expected result and impact of this activity?
The activities support the development and adoption of horizontal cybersecurity standards, enhance supply chain transparency by introducing improved methodologies to evaluate third-party components, and create awareness of the topic through community sharing and public outreach. Presenting the results of the technical report (white paper) and participating in a webinar will increase awareness and clarity on the topic of supply chain security, provide technical guidance for SMEs, and ensure that the horizontal standards are aligned with current best practices.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The work will support CEN/CLC/JTC 13 WG9 in drafting the CRA horizontal security standards:
- HORIZONTAL STANDARDS FOR SECURITY - 1. Products with digital elements for ensuring an appropriate level of cybersecurity
- HORIZONTAL STANDARDS FOR SECURITY - 2. Products with digital elements available on the market without vulnerabilities with a clear focus on SSDLC, supply chain and SBoM.
