Ensuring continued support for CRA-related NWIs in CEN/CLC/JTC13
Vertical standards for security requirements
What does the work you will carry out for the CYBERSTAND SSP consist of?
The work carried out will ensure continued support for CRA-related NWIs in CEN/CLC/JTC13. In particular the NWI EN 18037-2 in WG3 and the NWIs "Guidance for the application of EN 18037“ and "Proof-of-concept for the application of EN 18037 in support of the CRA“ in WG6. The NWIs have been approved by JTC13 in 2025 and will be continued and completed in 2026. Cord Bartels was appointed as coordinator and editor for these NWIs.
What is the expected result and impact of this activity?
It is the goal to generate working drafts for all NWI and to support the first steps of CEN's alignment and standardization processes, at least through public enquiry of the WD.
Which aspects of the Cyber Resilience Act (CRA) standardisation are you focusing on?
The NWIs addressed by this activity are categorized as "Complementary and supporting deliverables" in support of the CRA. The results of the EN 18037-based sectoral risk and cybersecurity assessments support product manufacturers in conforming to their obligations set out in the CRA and ESO in generating vertical standards for the CRA. This includes the documentation of the particular intended purpose of the product in the sectoral ICT system, the risks associated with this intended purpose and the identification of appropriate security and, if required, assurance requirements.
