TC65x WG3 CRA for OT broad vertical contribution
Vertical standards for security requirements
Horizontal standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
As an OT Cybersecurity Architect, I contribute to CLC / TC65X WG3 in updating the IEC 62443 series to address CRA gaps across multiple OT device categories. Widely adopted in industrial sectors, 62443 offers a mature, modular framework that supports vertical-specific profiles and aligns with other regulations like the Machinery Directive and Marine UR E26 / E27. Updating an existing international standard helps reduce fragmentation, supports regulatory convergence across industry sectors, and enables vendors to meet compliance deadlines with minimal duplication.
What is the expected result and impact of this activity?
The broad vertical foundation to be contributed during the year 2025 includes updates to the IEC 62443-4-2 OT component requirements, IEC 62443-3-3 for OT systems as well as the IEC 62443-4-1 secure development lifecycle specifications. These updates aim to address compatibility with the CRA, while also maintaining coherence and alignment with the work conducted in the CENELEC JTC13 WG9 working groups for the horizontal CRA standards.
In practice, TC65x WG3 is implementing a set of incremental updates to the existing, well-known international standards. By the end of my CYBERSTAND medium-term (6-month) contribution, the group will also begin fine-grained work on the vertical profiles—IEC 62443-5-x standards—which address OT-specific, important product categories such as routers, VPNs, and firewalls for the OT environment.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
Broad vertical supporting OT deliverables.
