How CRA Standards are built

European Standardisation Organisations (CEN-CENELEC and ETSI) play a fundamental role in developing standards for the CRA: the European Commission has issued a standardisation request (Mandate M/606) to them for the development of harmonised standards. These standards are essential: products that comply with them are presumed to meet the CRA's requirements.

The standardisation work is mainly divided into two categories:

HORIZONTAL STANDARDS (Line 1-15)

  • They are product independent and framework oriented.
  • Their aim is to provide a foundational approach to cybersecurity applicable across sectors.
  • They will help manufacturers implement baseline security measures, especially for products not yet covered by sector-specific standards.
  • They will serve as a basis for more detailed vertical standards.

The role of CYBERSTAND in Horizontal Standards

  • Horizontal standards for security requirements: 36
  • Horizontal standards for vulnerability handling requirements: 13
  • Funded Contributions: 49, for a total amount of € 650.155

VERTICAL STANDARDS (Line 16-41)

  • They are product dependent, focusing on the unique cybersecurity needs of different digital product categories.
  • They should be based on risk analysis and reflect differences in intended purpose and foreseeable use.
  • They should reflect the state-of-the-art in the specific sectors.

The role of CYBERSTAND in Vertical Standards

  • Funded Contributions: 52, for a total amount of € 718.822