M/606 - CRA
on a standardisation request to European Standards Organisations in support of Union policy on cybersecurity requirements for products with digital elements
General Information
Frequently Asked Questions
A European Standardization Mandate is a formal request from the European Commission to the European Standardization Organizations (CEN, CENELEC, and ETSI) to develop European standards (ENs) in support of EU legislation and policies. Mandates are issued under Regulation (EU) No 1025/2012 and help ensure that products and services meet the essential requirements set out in EU directives and regulations.
M/606 is a European Standardization Mandate titled "on a standardisation request to European Standards Organisations in support of Union policy on cybersecurity requirements for products with digital elements". There are 4 standards developed under this mandate.
Standards developed in response to a mandate and cited in the Official Journal of the European Union become "harmonized standards". Products manufactured in compliance with harmonized standards benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation, facilitating CE marking and market access across the European Economic Area.
This document specifies general cybersecurity principles and general risk management activities for all products with digital elements, hereafter also referred to as 'products'. This document covers every stage of the product lifecycle to ensure and maintain an appropriate level of cybersecurity based on the risks.
This document also provides generic elements to support the development of coherent product-category-specific standards (vertical standards).
This document:
— establishes generic cybersecurity principles applicable to all stages of the product lifecycle;
— specifies requirements for risk assessment and treatment of cybersecurity risks;
— specifies requirements on activities that can be applied to ensure an appropriate level of cybersecurity at every phase of the product lifecycle;
— provides elements and considerations for product category specific standards in order to facilitate a harmonized approach.
This document does not provide vertical product category specific activities and elements.
- Draft, 57 pages, English language
This document provides the terms and definitions commonly used in the cybersecurity requirements for products with digital elements family of standards.
- Draft, 8 pages, English language
This document specifies general cybersecurity principles and general risk management activities for all products with digital elements, hereafter also referred to as 'products'. This document covers every stage of the product lifecycle to ensure and maintain an appropriate level of cybersecurity based on the risks.
This document also provides generic elements to support the development of coherent product-category-specific standards (vertical standards).
This document:
— establishes generic cybersecurity principles applicable to all stages of the product lifecycle;
— specifies requirements for risk assessment and treatment of cybersecurity risks;
— specifies requirements on activities that can be applied to ensure an appropriate level of cybersecurity at every phase of the product lifecycle;
— provides elements and considerations for product category specific standards in order to facilitate a harmonized approach.
This document does not provide vertical product category specific activities and elements.
- Draft, 57 pages, English language
This document provides the terms and definitions commonly used in the cybersecurity requirements for products with digital elements family of standards.
- Draft, 8 pages, English language





