Security News > 2023 > March > Cyber resilience in focus: EU act to set strict standards

Cyber resilience in focus: EU act to set strict standards
2023-03-02 04:00

With the EU Cyber Resilience Act, the industry is dealing with one of the strictest regulatory requirements.

There are hardly any established procedures for this: "Among other things, the EU Cyber Resilience Act will require a cyber risk assessment before a product is put on the market. All manufacturers must start now to integrate the upcoming requirements into their product development, as the development of new products and variants often takes many months and years," says Jan Wendenburg, CEO of ONEKEY. Documentation requirements and the need for a SBOM. In addition to security measures against unauthorised access, companies will also be required to manage software vulnerabilities and patches in the future - before damage is caused by exploitable vulnerabilities.

"Throughout the entire product lifecycle, manufacturers must effectively manage the vulnerabilities of their products, conduct regular testing and demonstrate comprehensive patch management. There is also an obligation to maintain clear documentation," Wendenburg continues.

Depending on the product and the components installed, there can be hundreds of different assemblies, each with its own "Brains" and hidden risks.

In addition to the documentation requirements, companies will have to regularly update the data inventory on the products and keep the data for up to ten years after the product has been placed on the market.

"It is becoming clear that the pressure - even if the EU Commission postpones the law somewhat - is high. Products and components, including those from third-parties, have to be tested for vulnerabilities, manufacturers and importers must document this and provide the necessary capacity to meet the information obligations. For industry, this means rethinking established development and production processes. Those who do not act in time here risk high penalties from the authorities," Jan Wendenburg concluded.


News URL

https://www.helpnetsecurity.com/2023/03/02/eu-cyber-resilience-act/

#EU