CRA Standards Map
CRA Standards Map
The European Telecommunications Standards Institute (ETSI) is one of the three European Standards Organizations (ESOs) and alongside CEN and CENELEC responsible for developing and defining voluntary standards at the European level – CEN with focus on general standards, CENELEC on electrotechnical standards, and ETSI on telecommunications. The role of ESOs is to support EU regulation and policies through the production of harmonised European Standards (ENs) and other deliverables. The standards developed by ESOs are the only ones that can be recognized as ENs.
Below is a mapping of the European standards for the CRA to the ESO technical committees responsible for the standards. For more about the ESO’s, committees and types of standards see also the ETSI Overview.
| Standard Type | Line | Standard Title | European Standard Organization / Technical Committee | Link |
|---|---|---|---|---|
| Horizontal | 1 | Cybersecurity requirements for products with digital elements - Principles for cyber resilience | CEN/CLC/JTC 13 WG 9 - Cybersecurity and Data Protection | JT013089 |
| Horizontal | 2-14 | Cybersecurity requirements for products with digital elements – Generic Security Requirements | CEN/CLC/JTC 13 WG 9 - Cybersecurity and Data Protection | JT013091 |
| Horizontal | 15 | Cybersecurity requirements for products with digital elements – Vulnerability Handling | CEN/CLC/JTC 13 WG 9 - Cybersecurity and Data Protection | JT013090 |
| Vertical | 16 | Identity management systems and privileged access management software and hardware | CEN/TC 224 WG 17 - Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment | TBD |
| Vertical | 17 a-b | Standalone and embedded browsers | ETSI CYBER-EUSR | EN 304 617-1 EN 304 617-2 |
| Vertical | 18 | Password managers | ETSI CYBER-EUSR | EN 304 618 |
| Vertical | 19 | Software that searches for, removes, or quarantines malicious software | ETSI CYBER-EUSR | EN 304 619 |
| Vertical | 20 a-b | Products with digital elements with the function of virtual private network (VPN) | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 620 EN 50XXX-4 |
| Vertical | 21 a-b | Network management systems | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 621 EN 50XXX-2 |
| Vertical | 22 a-b | Security information and event management (SIEM) systems | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 622 EN 50XXX-6 |
| Vertical | 23 | Boot managers | ETSI CYBER-EUSR | EN 304 623 |
| Vertical | 24 | Public key infrastructure and digital certificate issuance software | ETSI CYBER-EUSR | EN 304 624 |
| Vertical | 25 a-b | Physical and virtual network interfaces | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 625 EN 50XXX-3 |
| Vertical | 26 | Operating systems | ETSI CYBER-EUSR | EN 304 626 |
| Vertical | 27 a-b | Routers, modems intended for the connection to the internet, and switches | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 627 EN 50XXX-5 |
| Vertical | 28-29 | Microprocessors and microcontrollers with security-related functionalities | CLC/TC 47X WG 1 - Semiconductors and Trusted Chips Implementation | EN 507625 |
| Vertical | 30 | Application specific integrated circuits (ASIC) and field-programmable gate arrays (FPGA) | CLC/TC 47X - Semiconductors and Trusted Chips Implementation | TBD |
| Vertical | 31 | Smart home general purpose virtual assistants | ETSI CYBER-EUSR | EN 304 631 |
| Vertical | 32 | Smart home products with security functionalities | ETSI CYBER-EUSR | EN 304 632 |
| Vertical | 33 | Internet connected toys | ETSI CYBER-EUSR | EN 304 633 |
| Vertical | 34 | Personal wearable products | ETSI CYBER-EUSR | EN 304 634 |
| Vertical | 35 | Hypervisors and container runtime systems | ETSI CYBER-EUSR | EN 304 635 |
| Vertical | 36 a-b | Firewalls, intrusion detection and prevention systems | ETSI CYBER-EUSR CLC/TC 65X WG 3 - Industrial-process measurement, control and automation | EN 304 636 EN 50XXX-1 |
| Vertical | 37-38 | Tamper-resistant microprocessors and microcontrollers | CLC/TC 47X WG 2 - Semiconductors and Trusted Chips Implementation | EN 50766 |
| Vertical | 39 | Hardware Devices with Security Boxes | CEN/TC 224 WG 17 - Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment | TBD |
| Vertical | 40 | Smart meter gateways within smart metering systems | CEN/CLC/JTC 13 WG 6 - Cybersecurity and Data Protection | TBD |
| Vertical | 41 a-b | Smartcards or similar devices, including secure elements | CLC/TC 47X WG 3 - Semiconductors and Trusted Chips Implementation CEN/TC 224 - Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment | EN 50764 |
We welcome suggestions and updates! Please open an issue or post a pull request.