The JRC and the European Union Agency for Cybersecurity (ENISA) published the Cyber Resilience Act Requirements Standards Mapping report in April 2024. This report maps all available cybersecurity and vulnerability standardisation outputs, aiming to bridge the gap between existing standards and the necessary qualifications for products with digital elements set out by the Cyber Resilience Act (CRA).
The report identifies the most relevant existing cybersecurity standards for each CRA requirement, analyses the coverage already offered on the intended scope of the requirement, and highlights possible gaps to be addressed.
To facilitate adoption of the CRA provisions, these cybersecurity requirements need to be translated into the form of harmonised standards, with which manufacturers can comply.
Background
The increasing number of cyberattacks affecting digital products, coupled with widespread vulnerabilities and insufficient timely security updates, creates heavy financial burdens on society.
In response, the European Commission drafted the Cyber Resilience Act, a proposal for a regulation defining the legislative framework of essential cybersecurity requirements that manufacturers must meet when placing any product with digital elements on the internal market.
The act entered into force on 10 December 2024. The main obligations introduced by the act will apply from 11 December 2027. The CRA builds on the 2020 EU Cybersecurity Strategy.