forked from intuitem/ciso-assistant-community
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcra-resolution-annexes.yaml
1585 lines (1581 loc) · 81.3 KB
/
cra-resolution-annexes.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
urn: urn:intuitem:risk:library:cra-resolution-annexes
locale: en
ref_id: CRA-resolution-annexes
name: Cyber Resilience Act
description: "European Parliament legislative resolution of 12 March 2024 on the proposal\
\ for a regulation of the European Parliament and of the Council on horizontal cybersecurity\
\ requirements for products with digital elements and amending Regulation (EU) 2019/1020\
\ (COM(2022)0454 \u2013 C9-0308/2022 \u2013 2022/0272(COD))\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.pdf"
copyright: European Union law
version: 2
provider: EU
packager: intuitem
objects:
framework:
urn: urn:intuitem:risk:framework:cra-resolution-annexes
ref_id: CRA-resolution-annexes
name: Cyber Resilience Act
description: "European Parliament legislative resolution of 12 March 2024 on the\
\ proposal for a regulation of the European Parliament and of the Council on\
\ horizontal cybersecurity requirements for products with digital elements and\
\ amending Regulation (EU) 2019/1020 (COM(2022)0454 \u2013 C9-0308/2022 \u2013\
\ 2022/0272(COD))\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.pdf"
requirement_nodes:
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1
assessable: false
depth: 1
ref_id: '1'
name: ANNEX I
description: ESSENTIAL REQUIREMENTS
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1
ref_id: '1.1'
name: Part I
description: Cybersecurity requirements relating to the properties of products
with digital elements
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1
ref_id: 1.1.1
description: Products with digital elements shall be designed, developed and
produced in such a way that they ensure an appropriate level of cybersecurity
based on the risks;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1
ref_id: 1.1.2
description: 'On the basis of the cybersecurity risk assessment referred to
in Article 10(2) and where applicable, products with digital elements shall:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.a
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.a
description: be made available on the market without known exploitable vulnerabilities;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.b
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.b
description: be made available on the market with a secure by default configuration,
unless otherwise agreed between manufacturer and business user in relation
to a tailor-made product with digital elements, including the possibility
to reset the product to its original state;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.c
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.c
description: ensure that vulnerabilities can be addressed through security updates,
including, where applicable, through automatic security updates that are installed
within an appropriate timeframe enabled as a default setting, with a clear
and easy-to-use opt-out mechanism, through the notification of available updates
to users, and the option to temporarily postpone them;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.d
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.d
description: ensure protection from unauthorised access by appropriate control
mechanisms, including but not limited to authentication, identity or access
management systems, and report on possible unauthorised access;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.e
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.e
description: protect the confidentiality of stored, transmitted or otherwise
processed data, personal or other, such as by encrypting relevant data at
rest or in transit by state of the art mechanisms, and by using other technical
means;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.f
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.f
description: protect the integrity of stored, transmitted or otherwise processed
data, personal or other, commands, programs and configuration against any
manipulation or modification not authorised by the user, and report on corruptions;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.g
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.g
description: process only data, personal or other, that are adequate, relevant
and limited to what is necessary in relation to the intended purpose of the
product with digital elements (minimisation of data);
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.h
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.h
description: protect the availability of essential and basic functions, also
after an incident, including through resilience and mitigation measures against
denial-of-service attacks;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.i
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.i
description: minimise the negative impact by the products themselves or connected
devices on the availability of services provided by other devices or networks;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.j
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.j
description: be designed, developed and produced to limit attack surfaces, including
external interfaces;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.k
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.k
description: be designed, developed and produced to reduce the impact of an
incident using appropriate exploitation mitigation mechanisms and techniques;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.l
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.l
description: provide security related information by recording and monitoring
relevant internal activity, including the access to or modification of data,
services or functions, with an opt-out mechanism for the user;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.m
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2
ref_id: 1.1.2.m
description: provide the possibility for users to securely and easily remove
on a permanent basis all data and settings and, where such data can be transferred
to other products or systems, ensure that this is done in a secure manner.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1
ref_id: '1.2'
name: Part II
description: "Vulnerability\_handling\_requirements"
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2
description: 'Manufacturers of the products with digital elements shall:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.1
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.1
description: identify and document vulnerabilities and components contained
in products with digital elements, including by drawing up a software bill
of materials in a commonly used and machine-readable format covering at the
very least the top-level dependencies of the products;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.2
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.2
description: in relation to the risks posed to products with digital elements,
address and remediate vulnerabilities without delay, including by providing
security updates; where technically feasible, new security updates shall be
provided separately from functionality updates;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.3
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.3
description: apply effective and regular tests and reviews of the security of
the product with digital elements;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.4
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.4
description: once a security update has been made available, share and publicly
disclose information about fixed vulnerabilities, including a description
of the vulnerabilities, information allowing users to identify the product
with digital elements affected, the impacts of the vulnerabilities, their
severity and clear and accessible information helping users to remediate the
vulnerabilities; in duly justified cases, where manufacturers consider the
security risks of publication to outweigh the security benefits, they may
delay making public information regarding a fixed vulnerability until after
users have been given the possibility to apply the relevant patch;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.5
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.5
description: put in place and enforce a policy on coordinated vulnerability
disclosure;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.6
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.6
description: take measures to facilitate the sharing of information about potential
vulnerabilities in their product with digital elements as well as in third
party components contained in that product, including by providing a contact
address for the reporting of the vulnerabilities discovered in the product
with digital elements;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.7
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.7
description: provide for mechanisms to securely distribute updates for products
with digital elements to ensure that vulnerabilities are fixed or mitigated
in a timely manner and, where applicable for security updates, in an automatic
manner;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.8
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20
ref_id: 1.2.8
description: ensure that, where security updates are available to address identified
security issues, they are disseminated without delay and, unless otherwise
agreed between a manufacturer and a business user in relation to a tailor-
made product with digital elements, free of charge, accompanied by advisory
messages providing users with the relevant information, including on potential
action to be taken.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2
assessable: false
depth: 1
ref_id: '2'
name: ANNEX II
description: INFORMATION AND INSTRUCTIONS TO THE USER
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2
description: 'As a minimum, the product with digital elements shall be accompanied
by:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.1'
description: the name, registered trade name or registered trademark of the
manufacturer, and the postal address, the email address or other digital contact
as well as, where available, the website at which the manufacturer can be
contacted;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.2'
description: "the single point of contact where information about vulnerabilities\
\ of the product with digital elements can be reported and received, and where\
\ the manufacturer\u2019s policy on coordinated vulnerability disclosure can\
\ be found;"
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.3'
description: name and type and any additional information enabling the unique
identification of the product with digital elements ;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.4
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.4'
description: "the intended purpose of the product with digital elements, including\
\ the security environment provided by the manufacturer, as well as the product\u2019\
s essential functionalities and information about the security properties;"
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.5
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.5'
description: 'any known or foreseeable circumstance, related to the use of the
product with digital elements in accordance with its intended purpose or under
conditions of reasonably foreseeable misuse, which may lead to significant
cybersecurity risks; '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.6
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.6'
description: 'where applicable, the internet address at which the EU declaration
of conformity can be accessed; '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.7
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.7'
description: the type of technical security support offered by the manufacturer
and the end-date of the support period during which users can expect vulnerabilities
to be handled and to receive security updates;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.8'
description: 'detailed instructions or an internet address referring to such
detailed instructions and information on:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.a
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.a
description: the necessary measures during initial commissioning and throughout
the lifetime of the product with digital elements to ensure its secure use;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.b
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.b
description: how changes to the product with digital elements can affect the
security of data;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.c
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.c
description: how security-relevant updates can be installed;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.d
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.d
description: the secure decommissioning of the product with digital elements,
including information on how user data can be securely removed;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.e
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.e
description: how the default setting enabling the automatic installation of
security updates, as required by Annex I, Part I, point (c), can be turned
off;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.f
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8
ref_id: 2.8.f
description: where the product with digital elements is intended for integration
into other products with digital elements, the information necessary for the
integrator to comply with the essential requirements set out in Annex I and
the documentation requirements set out in Annex VII.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.9
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30
ref_id: '2.9'
description: If the manufacturer decides to make available the software bill
of materials to the user, information on where the software bill of materials
can be accessed.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3
assessable: false
depth: 1
ref_id: '3'
name: ANNEX III
description: IMPORTANT PRODUCTS WITH DIGITAL ELEMENTS
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3
ref_id: '3.1'
name: Class I
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.1
description: Identity management systems and privileged access management software
and hardware, including authentication and access control readers, including
biometric readers;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.2
description: Standalone and embedded browsers;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.3
description: Password managers;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.4
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.4
description: Software that searches for, removes, or quarantines malicious software;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.5
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.5
description: Products with digital elements with the function of virtual private
network (VPN);
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.6
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.6
description: Network management systems;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.7
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.7
description: Security information and event management (SIEM) systems;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.8
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.8
description: Boot managers;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.9
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.9
description: Public key infrastructure and digital certificate issuance software;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.9'
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.9'
description: Physical and virtual network interfaces;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.10
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.10
description: Operating systems ;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.11
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.11
description: Routers, modems intended for the connection to the internet, and
switches ;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.12
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.12
description: Microprocessors with security-related functionalities;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.13
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.13
description: Microcontrollers with security-related functionalities;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.14
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.14
description: Application specific integrated circuits (ASIC) and field-programmable
gate arrays (FPGA) with security-related functionalities;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.15
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.15
description: Smart home general purpose virtual assistants;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.16
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.16
description: Smart home products with security functionalities, including smart
door locks, security cameras, baby monitoring systems and alarm systems;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.17
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.17
description: Internet connected toys covered by Directive 2009/48/EC of the
European Parliament and of the Council1 that have social interactive features
(e.g. speaking or filming) or that have location tracking features;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.18
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1
ref_id: 3.1.18
description: Personal wearable products to be worn or placed on a human body
that have a health monitoring (such as tracking) purpose and to which Regulation
(EU) 2017/745 or Regulation (EU) 2017/746 do not apply, or personal wearable
products that are intended for the use by and for children.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3
ref_id: '3.2'
name: Class II
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2
ref_id: 3.2.1
description: Hypervisors and container runtime systems that support virtualised
execution of operating systems and similar environments;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2
ref_id: 3.2.2
description: Firewalls, intrusion detection and prevention systems ;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2
ref_id: 3.2.3
description: Tamper-resistant microprocessors;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.4
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2
ref_id: 3.2.4
description: Tamper-resistant microcontrollers.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4
assessable: false
depth: 1
ref_id: '4'
name: ANNEX IV
description: CRITICAL PRODUCTS WITH DIGITAL ELEMENTS
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.1
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4
ref_id: '4.1'
description: Hardware Devices with Security Boxes;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.2
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4
ref_id: '4.2'
description: Smart meter gateways within smart metering systems as defined in
Article 2(23) of Directive (EU) 2019/944 of the European Parliament and of
the Council and other devices for advanced security purposes, including for
secure cryptoprocessing;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.3
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4
ref_id: '4.3'
description: Smartcards or similar devices, including secure elements.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5
assessable: false
depth: 1
ref_id: '5'
name: ANNEX V
description: EU DECLARATION OF CONFORMITY
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5
description: 'The EU declaration of conformity referred to in Article 28, shall
contain all of the following information:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.1'
description: Name and type and any additional information enabling the unique
identification of the product with digital elements;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.2'
description: Name and address of the manufacturer or its authorised representative;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.3'
description: A statement that the EU declaration of conformity is issued under
the sole responsibility of the provider;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.4
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.4'
description: Object of the declaration (identification of the product with digital
elements allowing traceability, which may include a photograph, where appropriate);
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.5
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.5'
description: A statement that the object of the declaration described above
is in conformity with the relevant Union harmonisation legislation;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.6
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.6'
description: References to any relevant harmonised standards used or any other
common specification or cybersecurity certification in relation to which conformity
is declared;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.7
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.7'
description: Where applicable, the name and number of the notified body, a description
of the conformity assessment procedure performed and identification of the
certificate issued;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.8
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77
ref_id: '5.8'
description: 'Additional information:
Signed for and on behalf of:....................................... (place
and date of issue):
(name, function) (signature):'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6
assessable: false
depth: 1
ref_id: '6'
name: ANNEX VI
description: SIMPLIFIED EU DECLARATION OF CONFORMITY
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node87
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6
description: 'The simplified EU declaration of conformity referred to in Article
13(20) shall be provided as follows:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node88
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6
description: Hereby, [Name of manufacturer] declares that the product with digital
elements type [designation of type of product with digital element] is in
compliance with Regulation (EU) .../... of the European Parliament and of
the Council1.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node89
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6
description: 'The full text of the EU declaration of conformity is available
at the following internet address:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7
assessable: false
depth: 1
ref_id: '7'
name: ANNEX VII
description: CONTENTS OF THE TECHNICAL DOCUMENTATION
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
assessable: true
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7
description: 'The technical documentation referred to in Article 31 shall contain
at least the following information, as applicable to the relevant product
with digital elements:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.1'
description: 'a general description of the product with digital elements, including:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.a
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1
ref_id: 7.1.a
description: its intended purpose;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.b
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1
ref_id: 7.1.b
description: versions of software affecting compliance with essential requirements;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.c
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1
ref_id: 7.1.c
description: where the product with digital elements is a hardware product,
photographs or illustrations showing external features, marking and internal
layout;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.d
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1
ref_id: 7.1.d
description: user information and instructions as set out in Annex II;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.2'
description: 'a description of the design, development and production of the
product with digital
elements and vulnerability handling processes, including:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.a
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2
ref_id: 7.2.a
description: necessary information on the design and development of the product
with digital elements, including, where applicable, drawings and schemes and
a description of the system architecture explaining how software components
build on or feed into each other and integrate into the overall processing;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.b
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2
ref_id: 7.2.b
description: necessary information and specifications of the vulnerability handling
processes put in place by the manufacturer, including the software bill of
materials, the coordinated vulnerability disclosure policy, evidence of the
provision of a contact address for the reporting of the vulnerabilities and
a description of the technical solutions chosen for the secure distribution
of updates;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.c
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2
ref_id: 7.2.c
description: necessary information and specifications of the production and
monitoring processes of the product with digital elements and the validation
of those processes;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.3'
description: an assessment of the cybersecurity risks against which the product
with digital elements is designed, developed, produced, delivered and maintained
as laid down in Article 13 of this Regulation, including how the essential
requirements set out in Annex I, Part I, are applicable;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.4
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.4'
description: relevant information that was taken into account to determine the
support period as referred to in Article 13(8) of the product with digital
elements;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.5
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.5'
description: a list of the harmonised standards applied in full or in part the
references of which have been published in the Official Journal of the European
Union, common specifications as set out in Article 27 of this Regulation or
European cybersecurity certification schemes adopted pursuant to Regulation
(EU) 2019/881 pursuant to Article 27(8) of this Regulation, and, where those
harmonised standards, common specifications or European cybersecurity certification
schemes have not been applied, descriptions of the solutions adopted to meet
the essential requirements set out in of Annex I, Parts I and II, including
a list of other relevant technical specifications applied. In the event of
partly applied harmonised standards, common specifications or European cybersecurity
certification schemes, the technical documentation shall specify the parts
which have been applied;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.6
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.6'
description: reports of the tests carried out to verify the conformity of the
product with digital elements and of the vulnerability handling processes
with the applicable essential requirements as set out in Annex I, Parts I
and II;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.7
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.7'
description: a copy of the EU declaration of conformity;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.8
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91
ref_id: '7.8'
description: 'where applicable, the software bill of materials, further to a
reasoned request from a market surveillance authority provided that it is
necessary in order for this authority to be able to check compliance with
the essential requirements set out in Annex I. '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8
assessable: false
depth: 1
ref_id: '8'
name: ANNEX VIII
description: CONFORMITY ASSESSMENT PROCEDURES
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8
ref_id: '8.1'
name: Part I
description: Conformity Assessment procedure based on internal control (based
on Module A)
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
ref_id: 8.1.1
description: Internal control is the conformity assessment procedure whereby
the manufacturer fulfils the obligations laid down in points 2, 3 and 4, and
ensures and declares on its sole responsibility that the products with digital
elements satisfy all the essential requirements set out in Annex I, Part I,
and the manufacturer meets the essential requirements set out in Annex I,
Part II.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
ref_id: 8.1.2
description: 'The manufacturer shall draw up the technical documentation described
in Annex VII. '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
ref_id: 8.1.3
description: "Design, development, production and vulnerability handling of\
\ products with digital elements \nThe manufacturer shall take all measures\
\ necessary so that the design, development, production and vulnerability\
\ handling processes and their monitoring ensure compliance of the manufactured\
\ or developed products with digital elements and of the processes put in\
\ place by the manufacturer with the essential requirements set out in Annex\
\ I, Parts I and II."
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
ref_id: 8.1.4
name: Conformity marking and declaration of conformity
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4.1
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4
ref_id: 8.1.4.1
description: The manufacturer shall affix the CE marking to each individual
product with digital elements that satisfies the applicable requirements of
this Regulation.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4.2
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4
ref_id: 8.1.4.2
description: The manufacturer shall draw up a written EU declaration of conformity
for each product with digital elements in accordance with Article 28 and keep
it together with the technical documentation at the disposal of the national
authorities for 10 years after the product with digital elements has been
placed on the market or for the support period, whichever is longer. The EU
declaration of conformity shall identify the product with digital elements
for which it has been drawn up. A copy of the EU declaration of conformity
shall be made available to the relevant authorities upon request.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.5
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
ref_id: 8.1.5
description: Authorised representatives
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node116
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1
description: "The manufacturer\u2019s obligations set out in point 4 may be\
\ fulfilled by its authorised representative, on its behalf and under its\
\ responsibility, provided that they are specified in the mandate."
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
assessable: false
depth: 2
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8
ref_id: '8.2'
name: Part II
description: 'EU-type examination (based on Module B) '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.1
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
ref_id: 8.2.1
description: 'EU-type examination is the part of a conformity assessment procedure
in which a notified body examines the technical design and development of
a product with digital elements and the vulnerability handling processes put
in place by the manufacturer, and attests that a product with digital elements
meets the essential requirements set out in Annex I, Part I, and that the
manufacturer meets the essential requirements set out in Annex I, Part II. '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.2
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
ref_id: 8.2.2
description: EU-type examination shall be carried out by assessment of the adequacy
of the technical design and development of the product with digital elements
through examination of the technical documentation and supporting evidence
referred to in point 3, plus examination of specimens of one or more critical
parts of the product (combination of production type and design type).
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3
assessable: true
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
ref_id: 8.2.3
description: 'The manufacturer shall lodge an application for EU-type examination
with a single notified body of its choice. '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
description: 'The application shall include: '
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.1
assessable: false
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121
ref_id: 8.2.3.1
description: the name and address of the manufacturer and, if the application
is lodged by the authorised representative, its name and address as well;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.2
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121
ref_id: 8.2.3.2
description: a written declaration that the same application has not been lodged
with any other notified body;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.3
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121
ref_id: 8.2.3.3
description: the technical documentation, which shall make it possible to assess
the conformity of the product with digital elements with the applicable essential
requirements as set out in Annex I, Part I, and the manufacturer's vulnerability
handling processes set out in Annex I, Part II, and shall include an adequate
analysis and assessment of the risks. The technical documentation shall specify
the applicable requirements and cover, as far as relevant for the assessment,
the design, manufacture and operation of the product with digital elements.
The technical documentation shall contain, wherever applicable, at least the
elements set out in Annex VII;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.4
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121
ref_id: 8.2.3.4
description: the supporting evidence for the adequacy of the technical design
and development solutions and vulnerability handling processes. This supporting
evidence shall mention any documents that have been used, in particular where
the relevant harmonised standards or technical specifications have not been
applied in full. The supporting evidence shall include, where necessary, the
results of tests carried out by the appropriate laboratory of the manufacturer,
or by another testing laboratory on its behalf and under its responsibility.
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4
assessable: false
depth: 3
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2
ref_id: 8.2.4
description: 'The notified body shall:'
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.1
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4
ref_id: 8.2.4.1
description: examine the technical documentation and supporting evidence to
assess the adequacy of the technical design and development of the product
with digital elements with the essential requirements set out in Annex I,
Part I, and of the vulnerability handling processes put in place by the manufacturer
with the essential requirements set out in Annex I, Part II;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.2
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4
ref_id: 8.2.4.2
description: verify that specimens have been developed or manufactured in conformity
with the technical documentation, and identify the elements which have been
designed and developed in accordance with the applicable provisions of the
relevant harmonised standards or technical specifications, as well as the
elements which have been designed and developed without applying the relevant
provisions of those standards;
- urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.3
assessable: true
depth: 4
parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4