The increasing number of cyberattacks affecting digital products, coupled with widespread vulnerabilities and insufficient timely security updates, creates heavy financial burdens on society. In response, the European Commission has drafted the Cyber Resilience Act (CRA), a new proposal for regulation to define the legislative framework of essential cybersecurity requirements that manufacturers must meet when placing any product with digital elements on the internal market.
To facilitate adoption of the CRA provisions, these cybersecurity requirements need to be translated into the form of harmonised standards, with which manufacturers can comply.
The JRC, together with European Union Agency for Cybersecurity (ENISA), has published a Cyber Resilience Act Requirements Standards Mapping report, mapping all available cybersecurity and vulnerability standardisation outputs, aiming to bridge the gap between existing standards and the necessary qualifications for products with digital elements set out by the Cyber Resilience Act.
This report identifies the most relevant existing cybersecurity standards for each CRA requirement, analyses the coverage already offered on the intended scope of the requirement, and highlights possible gaps to be addressed.
Source: European Commission
Photo: Istock.com/Tero Vesalainen