Enterprise VPN Security Requirements for Network Infrastructure (EN 304 620)
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
Supporting the development of EN 304 620 by contributing technical expertise to the formulation and refinement of cybersecurity requirements for enterprise VPN functionality in network infrastructure equipment, with an emphasis on secure, scalable, and operationally feasible implementations.
What is the expected result and impact of this activity?
The expected outcome is greater clarity on how enterprise VPN security should be implemented and assessed in practice under the Cyber Resilience Act. By addressing real-world deployment and operational considerations, the contribution supports a more uniform security level for VPN infrastructure used by European enterprises.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The focus is on strengthening how enterprise VPN technologies address confidentiality, integrity, authentication, and secure key management within EN 304 620, taking into account the operational realities of large-scale and multi-site network deployments.
