Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group Meeting #1 are now public
  • From: Steffen Zimmermann <steffen.zimmermann@xxxxxxxx>
  • Date: Fri, 7 Mar 2025 09:05:17 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=3; mx.microsoft.com 1; spf=pass (sender ip is 52.17.62.50) smtp.rcpttodomain=businesscyberguardian.com smtp.mailfrom=vdma.org; dmarc=pass (p=quarantine sp=reject pct=100) action=none header.from=vdma.org; dkim=pass (signature was verified) header.d=vdma.org; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=vdma.org] dkim=[1,1,header.d=vdma.org] dmarc=[1,1,header.from=vdma.org])
  • Arc-authentication-results: i=2; mx.avanan.net; arc=pass; dkim=none header.d=none
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vdma.org; dmarc=pass action=none header.from=vdma.org; dkim=pass header.d=vdma.org; arc=none
  • Arc-message-signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IyyEQhORavf4x8dd9J5Hl9WmFG0RkvKciRHNMgZePHw=; b=ReVjVY/XOnRl1TpJaboXLwsG8PMkoz+Xd5LiD+Ivrk+UlHD0dA/cinP8vvtPLVo2vYtqlG4KR0vILhoHvBRV5ZdVmOAzmQk1SC2d5LpDDojk/pwwUVLVm7aNdIPH4YWW8d9WXrgqdLRnU3MEaXCeRqoqV8Hx7oSnKAf/xTeNvJj5I/2uO0Vcg0Meh9HIYgNY1nlKyzCRkWMJX5HJxfH3Z1NzdFgwuXlLzWOcIeQ8UePmMy9xKNFFuXUkQK6BIX1v+dvfHwBxj+Zp/4eoCaye80L6azfDlri6DQmq2h4drb7er+HvmdYBP8FgQ/+C211w3CPxsVf5nUIQ7gI0JxddwA==
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=avanan.net; s=arcselector01; t=1741338340; h=from : to : subject : date : message-id : content-type : mime-version; bh=IyyEQhORavf4x8dd9J5Hl9WmFG0RkvKciRHNMgZePHw=; b=Igpu8YqJENiWzBRR6fRdYpbQ6ipLVD67+k4tmaVN26wR65J97AjBVWqcNuFqUClE0eQo4 ssJ/MC/ii8FVW7rWeWJUFvMrTTf9Nczew3Lc7FqLZdZNGlnPFwPG9gKByEhR6xrRQils2mk wnCm4ZcB4wvOYToaOnVX8JTyGAcB6MI=
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IyyEQhORavf4x8dd9J5Hl9WmFG0RkvKciRHNMgZePHw=; b=PIPpGrO3mP2HmNP6TGx+xJiWP9vR/kaSBRuiAVH8m0QHIO+kQ/+URuJQ4FoQyBG9ZIqEiBGLy8DdLN2XNGquY7CCzV5lPiSU9LnIrJvmNQc/iU/t7g2fMRsGsWDjMcPsx4rAhJ0Jpsg0OZohV+zYHA07XzUAAE69NgX19qq8bjJB5FYrMIe1A3Loi/UXTerEKN+sVjc/MG8P79nac7pXJweY+6UQN6qIuO2ugEmu+OvjosTRHXMUXOzhPlSzFJJMoMWA3ZcTO4U92RH1vi+C4JivXTcNi8FKjzDLb+MKMd8sRmBBmmSAQiu4NSvDvxaLduodp1VG4zVoDxdlqiYBEg==
  • Arc-seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=YKbXZH7zc4uU5eaRxwpCFou/3p9lkKKR3REl+Gyc/uBipBylN7Fncm3LTnPBmkKhGHT/w7vkO9w82FfYfHG3xeNx7gEeq2KAogsD6UhsNWtNNmTajGG6UBtKGR+Z7Bz5a2smhtMLw1iw4BySUPcYFGD+7dkNcX41u69yW+6zbwmWtZZoqYLD5lCddZwN4lr1mgpfsl47eaJTPh/BHQ6QtNA/vlMQRt5SQ4sa4P7+AQUIQ0lvFyekWuMOUBbKnFeNODbe5b4L80aeabKZSXcJqf4sfRs8Al2f4pso5KTlZZTbQARu20am46F5t2FkjsbswmkT4sW8qXKMgFH7lIMp/Q==
  • Arc-seal: i=2; cv=pass; a=rsa-sha256; d=avanan.net; s=arcselector01; t=1741338340; b=IQcrHppK8JZcR+vYHt17LuAkd66kuXSAFc2SuTwbHQ+OsvHNWkCkZty0GQbORJiuhARkA 7Zr90d4aF5zEAF/KWUz8IR+Mj/aNOYIqvG/GI/lAStU4g16hqbR2LeIQEvBp6yuyo71TA6T f+rYb3+gXl/5rdqU2wUIUWThbluhlM4=
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MHnlGJ70MrIDhzXQYMZFhMDkUnqxfkeAOeCfZlHb0qCmdvllHQZxWe+9j94TFRDjFKVzIcJ9D9ZmG5WILTCiCB/1CxOWTj4BFtrzEu1kCStHLDWD9ENvYxYWp28XxmnQ20c3CbMd9IuAXCGP9Ff57uUodun0x5I3SFFYmozeqTgCxu7ZL+R3CbvB/fRpkmKgALrVTsZr07akzXoNDPbpq1LblyZTKSzs+RN+HRJxzlxi7J6SiT9GF7LkEoaQ/vP+gTBdCXbH1lYYUeNUE0lRSuRGSO7sTcljvm8GREa/EBFFEw9F9ffpgryNJeZ8JaRYQUDMGe0CCUf39epZKeJtbg==
  • Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
  • List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHbjqfQM2lg2cuq1EKgHlsFJE6Gw7NmNyMAgAEm40A=
  • Thread-topic: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group Meeting #1 are now public

Dear Dick,

 

linking an opinion from 2007 is a bad idea.

Standards are evolving, and so does the 62443!

 

Instead of complaining that it doesn’t fit 100%, we (as European manufacturers) make sure that the EN IEC 62443-4-2, 4-2, 3-3 with the use of 1-5 and 6-2 is going to fit for purpose. We even intend, together with the European Commission, getting some of these parts ready to be listed as harmonized standards in the OJEU.

We even will develop new profiles manufacturers can use regarding the conformity of their products, even for important products listed in Annex III, making sure that a self-declaration is an option.

 

All of this takes time and means a high workload for us, but there is no other option than doing it. Otherwise, we will have to go to the notified body for products listed in the Annex…

 

If you want to hear more about the future of the EN IEC 62443 regarding the Cyber Resilience Act, look here for the presentation:

https://opcfoundation.org/developer-tools/marketing-communication-presentations/opc-and-opc-ua-presentations/

Presentations from webinar "EU Cyber Resilience Act (EU CRA) and EN IEC62443"

 

 

Viele Grüße,

 

Steffen Zimmermann

Industrial Security @ VDMA

 

 

 

 

Von: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> im Auftrag von Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Datum: Donnerstag, 6. März 2025 um 16:13
An: 'Open Regulatory Compliance Working Group' <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Dick Brooks <dick@xxxxxxxxxxxxxxxxxxxxxxxxx>
Betreff: Re: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group Meeting #1 are now public

Lars,

It appears that some people proposing IEC 62443 are unaware that it does not
support certain EU CRA requirements, like SBOM and Secure by Default
contained in Annex I. I've been told this is being worked on but the
decision to "not support Secure by Default in IEC 62443" was a conscious
decision:
https://dale-peterson.com/2007/08/22/secure-by-default-no-sale/

Some OT vendors are moving aggressively to support SBOM and Secure by Design
practices:
https://energycentral.com/c/iu/sboms-building-customer-trust-through-softwar
e-transparency

"most manufacturers may not know how to conduct risk-assessments and this
could be particularly beneficial for SMEs. Still others flagged that the ISO
27000 and IEC 62443 series could serve as the basis for this work."



Thanks,

Dick Brooks
  
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership

Never trust software, always verify and report! T
Risk always exists, but trust must be earned and awarded.T
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788


-----Original Message-----
From: open-regulatory-compliance
<open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Lars Francke
via open-regulatory-compliance
Sent: Thursday, March 6, 2025 9:55 AM
To: Open Regulatory Compliance Working Group
<open-regulatory-compliance@xxxxxxxxxxx>
Cc: Lars Francke <lars.francke@xxxxxxxxx>
Subject: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group
Meeting #1 are now public

https://ec.europa.eu/transparency/expert-groups-register/core/api/front/docu
ment/115256/download
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org


Back to the top