CEN-CLC JTC 13

Cybersecurity and Data Protection

Development of standards for cybersecurity and data protection covering all aspects of the evolving information society, including but not limited to:

  • Management systems, frameworks, methodologies

  • Data protection and privacy

  • Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs)

  • Competence requirements for cybersecurity and data protection

  • Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices

Included in the scope is the identification and possible adoption of documents already published or under development by ISO/IEC JTC 1 and other SDOs and international bodies such as ISO, IEC, ITU-T, and industrial fora. Also included, where not being developed by other SDOs, is the development of cybersecurity and data protection CEN/CENELEC publications for safeguarding information such as organizational frameworks, management systems, techniques, guidelines, and products and services, including those in support of the EU Digital Single Market.

Working Group 6

Product security

JTC 13/WG 6 covers cybersecurity-related standardization work for products, spanning both product requirements and process requirements (security by design and by default). The current CRA-related work items are the deliverables for the smart meter gateway and the work items related to the EN 18037-based sector-specific risk assessment for the CRA.

Torben Markussen - Kamstrup
Expert CEN-CLC/JTC 13 WG 6, Smart meter gateways (Line 40 CRA SReq)

Link to the CRA standardization request

Working on a European Standard in response to the CRA Standardization Request, Annex I, Line 40:

'Cybersecurity requirements for products with digital elements – Smart Meter Gateway'

Working Group 9

Special Working Group on Cyber Resilience Act

JTC 13/WG 9 develops the horizontal cybersecurity standards for the CRA. These standards define the generic state of the art for the activities the manufacturer must execute to develop and maintain secure products. One deliverable addresses the overall security-by-design expectations during the total product life cycle, a second addresses the vulnerability handling requirements, and a third provides a catalog of product security controls that could be used to achieve compliance with the essential requirements for the hardware and software products in scope of the CRA. These standardization deliverables have a dual purpose: they can be used directly by manufacturers to develop and maintain products in the default class, and they can be used by standardizers to develop the vertical CRA deliverables, which might set more specific requirements applicable to a specific type or group of products.

Link to the CRA standardization request

Ben KOKX, Philips
Convenor of CEN-CLC/JTC 13 WG 9 and WG 6

Deep-Dive Horizontal Deliverables
