Dr. Horst Gieser

Title of proposal

CLC TC47X Contribution to CRA Standardisation as a Member of DKE AK631.0.1 and CC TC47X

CRA Standards

Horizontal standards for security requirements
Horizontal standards for vulnerability requirements
Vertical standards for security requirements


What does the work you will carry out for the CYBERSTAND SSP consist of?

The work contributes to the CRA standardisation taking place in the working groups of CEN/CENELEC TC47X Semiconductors and Trusted Chips. It relates to aspects of physical analysis for proof of trust, evidence and support of vulnerability handling. It consists of participation in the meetings and the editorial process of the TC47X standard groups. Participation in various workshops on related topics helps to identify needs and build networks of stakeholders.

What is the expected result and impact of this activity?

In view of use cases at different risk levels, the expected results are an early, deep understanding of how, and with what effort, state-of-the-art physical analysis and authenticity proof of integrated circuits can effectively support risk assessment and vulnerability handling. In the case of a critical vulnerability in a critical product, market authorities may request evidence. The discussion and conclusions may be considered in the standards. There will be a link to the community of advanced semiconductor analysis to foster the development of effective methods. It will also help to disseminate the CRA standards in the affected community.

Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?

The objective of the CRA is to protect the end user from digital products with cyber vulnerabilities. The vast majority of known vulnerabilities are related to software and firmware. They may be resolved by an update. Nevertheless, standardised, effective and efficient processes and methods are necessary to identify and tackle vulnerabilities that result from the implementation or even manipulation of the hardware itself, in view of complex global supply chains.

Full Name
Dr. Horst Gieser
Country
Germany
Organisation
Dr. Gieser Consultant
Standards Development Organisation
Working Groups and Technical Committees
CEN/CENELEC TC47X Semiconductors and Trusted Chips Implementation