Requirements for software that searches for, removes, or quarantines malicious software
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work focuses on contributing to the development of antivirus and antimalware requirements under the Cyber Resilience Act, specifically for embedded devices with limited resources. This involves supporting the development of EN 304 619 draft standard by helping define practical requirements for malware detection, updates, incident handling, and recovery that can realistically be applied on embedded systems.
What is the expected result and impact of this activity?
The expected result is clearer and more practical guidance for developing antivirus solutions that can be used on embedded and infrastructure devices in line with the CRA. The impact is more consistent malware protection across EU, less fragmentation between national or sector-specific requirements, and better protection of critical digital infrastructure against large-scale cyberattacks.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The focus is on how antivirus and antimalware requirements under the CRA can be applied to resource-constrained embedded devices. In particular, this work looks at malware detection, updates, incident handling, and recovery, with an emphasis on solutions that are practical, proportionate, and suitable for embedded environments.
