Harmonised Vertical Standards: Enablers of Effective CRA Implementation (R13b)
Implementing the Cyber Resilience Act (CRA) raises challenges such as technological diversity, inconsistent interpretation of requirements, and fragmented assurance practices. Harmonised vertical standards can address these gaps by providing a common framework to translate CRA essential requirements into risk-based, testable specifications. Using the CRA vertical standard for hypervisors and container runtime systems as an example, the talk shows how a structured, use-case-driven, and risk-based approach supports the selection of appropriate security requirements and their transformation into concrete, verifiable technical specifications.