Cyber Resilience Act

Overview of the Cyber Resilience Act (CRA)

The Cyber Resilience Act (CRA) aims to enhance the cybersecurity level of digital products in the EU market, ensuring these products can withstand cyberattacks and protect user data. The Act introduces a set of standards and requirements that cover all stages of a product’s lifecycle, including design, development, production, operation, and disposal.

Legislative Process and Current Status

The legislative process for the Cyber Resilience Act (CRA) has made significant progress. On April 17, 2023, the second draft of the CRA’s standardization request was published, requiring the completion of 41 deliverables in the coming years. Currently, relevant working groups are actively discussing the CRA framework proposal and continuously improving and refining the standards system.

Legislative Timeline

Based on the current legislative process, the key milestones for the Cyber Resilience Act (CRA) include:

  • 2026/8/30: Completion of Two Horizontal Process Standards

  • 2026/10/30: Completion of 26 Vertical Standards

  • 2027/10/30: Completion of 13 General Security Requirements

Introduction and Explanation of Horizontal Process Standards, General Security Requirements, and Vertical Standards

Horizontal Process Standards

Horizontal process standards refer to fundamental security standards applicable to all types of digital products. These standards cover common security processes and measures across products, such as authentication, access control, data encryption, and vulnerability management. The aim of these standards is to ensure that all digital products meet consistent basic security requirements.

General Security Requirements

General security requirements are common security specifications set for all digital products. These specifications encompass essential security features that devices must possess, such as secure communication protocols, data protection mechanisms, and system integrity protection. These requirements ensure that products in the market can offer basic security assurances to prevent common cyber threats and attacks.

Vertical Standards

Vertical standards are specialized security standards designed for specific product types or industries. These standards consider the unique needs and risks associated with different product types, such as medical devices, industrial control systems, and smart home devices. They establish security regulations tailored to the environments and use cases of these devices to ensure their safe operation in particular application scenarios.

Impact of the CRA on ICT Products

The CRA imposes specific security requirements on various digital products, including consumer IoT devices, smart home virtual assistants, and industrial network switches. These requirements span from security considerations in the product design phase to vulnerability handling and security update mechanisms during the product’s operation. This ensures that these products maintain a high level of security when faced with cyber threats.

The cybersecurity testing laboratory at the One provides testing and certification services that meet the latest PSTI cybersecurity requirements. We continuously monitor the latest regulatory developments and offer appropriate cybersecurity testing services in line with regulatory changes, providing our clients with up-to-date cybersecurity testing and certification solutions.

For further information, please contact:

Email: service@theonelab.co

Publication Date: May 30, 2024

Source: REDCA (Updated Report, May 17, 2024)