Dear Dick,
linking an opinion from 2007 is a bad idea.
Standards are evolving, and so does the 62443!
Instead of complaining that it doesn’t fit 100%, we (as European manufacturers) make sure that the EN IEC 62443-4-2, 4-2, 3-3 with the use of 1-5 and 6-2 is going to
fit for purpose. We even intend, together with the European Commission, getting some of these parts ready to be listed as harmonized standards in the OJEU.
We even will develop new profiles manufacturers can use regarding the conformity of their products, even for important products listed in Annex III, making sure that
a self-declaration is an option.
All of this takes time and means a high workload for us, but there is no other option than doing it. Otherwise, we will have to go to the notified body for products
listed in the Annex…
If you want to hear more about the future of the EN IEC 62443 regarding the Cyber Resilience Act, look here for the presentation:
https://opcfoundation.org/developer-tools/marketing-communication-presentations/opc-and-opc-ua-presentations/
Presentations from webinar "EU Cyber Resilience Act (EU CRA) and EN IEC62443"
Viele Grüße,
Steffen Zimmermann
Industrial Security @ VDMA
Von:
open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> im Auftrag von Dick Brooks via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Datum: Donnerstag, 6. März 2025 um 16:13
An: 'Open Regulatory Compliance Working Group' <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Dick Brooks <dick@xxxxxxxxxxxxxxxxxxxxxxxxx>
Betreff: Re: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group Meeting #1 are now public
Lars,
It appears that some people proposing IEC 62443 are unaware that it does not
support certain EU CRA requirements, like SBOM and Secure by Default
contained in Annex I. I've been told this is being worked on but the
decision to "not support Secure by Default in IEC 62443" was a conscious
decision:
https://dale-peterson.com/2007/08/22/secure-by-default-no-sale/
Some OT vendors are moving aggressively to support SBOM and Secure by Design
practices:
https://energycentral.com/c/iu/sboms-building-customer-trust-through-softwar
e-transparency
"most manufacturers may not know how to conduct risk-assessments and this
could be particularly beneficial for SMEs. Still others flagged that the ISO
27000 and IEC 62443 series could serve as the basis for this work."
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
Never trust software, always verify and report! T
Risk always exists, but trust must be earned and awarded.T
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788
-----Original Message-----
From: open-regulatory-compliance
<open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Lars Francke
via open-regulatory-compliance
Sent: Thursday, March 6, 2025 9:55 AM
To: Open Regulatory Compliance Working Group
<open-regulatory-compliance@xxxxxxxxxxx>
Cc: Lars Francke <lars.francke@xxxxxxxxx>
Subject: [open-regulatory-compliance] FYI: The minutes for CRA Expert Group
Meeting #1 are now public
https://ec.europa.eu/transparency/expert-groups-register/core/api/front/docu
ment/115256/download
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
