21-23 October | Central Park Hotel Songdo, Korea

Using Common Criteria/EUCC to Meet CRA (M23a)

05 Nov 2024
3:30 pm

The European Cybersecurity Resilience Act (CRA) establishes a set of cybersecurity requirements for products with digital elements, and obligations for their manufacturers, as a mandatory baseline for placing these products on the market. The CRA opens the door for European Cybersecurity Certification Schemes, such as EUCC, to be used as a pathway to presumption of conformity with CRA requirements through product certification. The Common Criteria (CC) and its European counterpart, the European Union Common Criteria (EUCC), are internationally recognized frameworks for evaluating and certifying the security properties of IT products and systems. These frameworks provide a structured approach to assessing security features and functionality, giving stakeholders assurance that a product or system meets specified security requirements. Over the last two years, work has been done with ENISA on the difficult challenge of using EUCC to meet CRA requirements. This talk will explore common questions such as: Is EUCC a suitable and practical way to meet the requirements of the CRA? What adaptations does the certification industry need to implement to obtain CRA presumption of conformity through EUCC certifications? This conference is aimed primarily at manufacturers and professionals in the field of cybersecurity certification.