Public enquiry concerning the new draft standard prEN 40000 1-2 ‘Principles of cyber resilience’, in support of the Cyber Resilience Act
As mentioned in a previous article, the drafting of harmonised horizontal standards for the Cyber Resilience Act (CRA) is underway within Working Group 9 of the CEN/CLC/JTC 13 technical committee. Among these, the prEN 40000 1-2 standard is the most advanced and has reached the public enquiry stage. This means that the various European national mirror committees CEN/CLC/JTC 13 will have to decide on this draft standard, including the Belgian mirror committee AGORIA-ICT/CCLC013, for which Agoria is the sector operator.
The prEN 40000 1-2 standard specifies general cybersecurity principles and general risk management activities for all products with digital elements. It covers every stage of the product lifecycle to ensure and maintain an appropriate level of cybersecurity based on the risks. The development of this standard is part of the European Commission's request for standardisation for the CRA and may therefore be eligible for harmonised standard status. More specifically, this standard aims to respond to the first paragraph of Part I of Annex I of the CRA, which requires that products with digital elements be designed, developed and manufactured in such a way that they ensure an appropriate level of cybersecurity based on the risks.
Alongside this draft standard, the prEN 40000-1-1 standard entitled ‘Cybersecurity requirements for products with digital elements – Vocabulary’ has also been published on the NBN website for public enquiry. It provides the terms and definitions commonly used in the cybersecurity requirements for products with digital elements.
To consult these standards, visit the NBN portal dedicated to public standards and public enquiries. Click on ‘European Draft Standards’ and enter the number ‘40000’ to access the horizontal standards of the Cyber Resilience Act. It is also possible to comment on them. If the NBN receives comments during the public enquiry, these will be forwarded to the relevant Belgian mirror committee AGORIA-ICT/CCLC013 at the end of the public enquiry.
>Did you know that anyone can participate in this mirror committee?
If you would like to participate in the Belgian mirror committee for cybersecurity standardisation, to closely follow the development of the horizontal standards of the Cyber Resilience Act, and possibly contribute to their development, please contact Arnaud Martin. Participation in Belgian mirror committees is open to all interested parties who wish to actively defend their interests or keep abreast of the latest developments, and is included in the membership fee for Agoria member companies.
Services
Audit - Standards portfolio
Standards are regulary updated, replaced or cancelled and new ones are developed. It is therefore important to know whether you are applying the most recent version and which standards exist for your product.
Advice - Standards
Does my product fall within the scope of a standard? Am I using the correct version of the standard? How should I interpret a certain clause? You can contact us with practical questions about standards.
