SME-scaled CRA profiles & sample tests for NMS and Routers/VPN (ETSI EUSR)
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
I will develop two SME-friendly CRA-aligned security profiles covering Network Management Systems (NMS) and Routers/VPN devices. The work includes drafting normative security requirements, preparing sample test cases, defining evidence checklists, and creating a CRA mapping table. The goal is to provide practical and testable controls for vendors and assessors.
What is the expected result and impact of this activity?
The expected result is a pair of concise, actionable profiles that help SMEs understand and implement CRA security requirements more easily. The impact is to improve conformity, reduce ambiguity in testing, and support harmonisation across NMS and router/VPN product categories.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
Security requirements for NMS and Routers/VPN devices, including secure configuration, authentication/authorization, cryptographic controls, update and rollback mechanisms, logging, SBOM/VEX handling, and vulnerability management.
