Participation in the standardisation work for the Cyber Resilience Act proposal, with a focus on WG9 PT1 & 3
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
My contributions are focused on the work of the groups and technical committees responding to the Cyber Resilience Act Standardisation Request, essentially two such committees: CEN-CENELEC Joint Technical Committee 13 Working Group 9 (WG9) and ETSI Technical Committee CYBER. Most of the work is currently starting in the 3 WG9 project teams (PT1, 2, and 3), and I am participating in all three with oral interventions and occasional written contributions.
What is the expected result and impact of this activity?
The CRA Standardisation Request was issued by the European Commission for the purpose of producing standardisation deliverables responding to the CRA essential requirements. In particular, the work in progress in WG9 is aimed at drafting the horizontal standardisation deliverables for Annex 1 items from 1 to 15. With these standardisation deliverables, the desired result is to support the implementation of the CRA in the EU single market.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
As the current activities of WG9 are focused on the horizontal standards, as they are called in the CRA SR, my participation in these working groups is focused on these topics. Namely, the topics discussed are respectively as follows:
- in PT1, designing, developing and producing products with digital elements in such a way that they ensure an appropriate level of cybersecurity based on the risks;
- in PT2, product conformity with horizontal essential requirements;
- in PT3, a horizontal standardisation deliverable for vulnerability handling requirements.