Commit 634cafb1 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Refined scope

Closes #9
parent c4a31342
Loading
Loading
Loading
Loading
+2 −11
Original line number Diff line number Diff line
@@ -97,9 +97,7 @@ The present document specifies technical requirements and corresponding assessme
In particular the present document specific technical requirements and methods of assessment for:

The present document specifies technical requirements and corresponding assessment criteria for [vertical product category name] related to cybersecurity.
The products with digital elements in scope, thereafter "NMS":

- are specified within the "technical description" of the "category of product" number "NN" by the Commission Implementing Regulation (EU) 2025/2392 of 28 November 2025 on the technical description of the categories of important and critical products with digital elements pursuant to Regulation (EU) 2024/2847 of the European Parliament and of the Council. [\[i.2\]](#_ref_i.2) as:
The products with digital elements in scope, thereafter "NMS": are specified within the "technical description" of the "category of product" number "6" by the Commission Implementing Regulation (EU) 2025/2392 of 28 November 2025 on the technical description of the categories of important and critical products with digital elements pursuant to Regulation (EU) 2024/2847 of the European Parliament and of the Council. [\[i.2\]](#_ref_i.2) as:

> Products with digital elements that manage connected network elements, such as servers, routers, switches, workstations, printers or mobile devices, by monitoring them and controlling their network operations and configuration.
>
@@ -109,17 +107,10 @@ The present document covers those products to demonstrate compliance with essent

> NOTE: This reduces the scope of the vertical. Full presumption of conformity of the product will be given by complying with both the CRA Vertical standard and PT3, once they are cited in the EUOJ.

NMS as defined above is not restricted only to systems that are "internet protocol" (IP) connected. The scope covers all connected elements in the network that are managed. This includes, but is not limited to, Mobile Device Management (MDM) systems and Software Defined Networking.

Personal Area Network (PAN) consumer devices are usually not managed by an NMS, however, if they are capable, a NMS management could control them too, as PAN devices are communication media and can be used for management traffic. In such situations the NMS used often has functions beyond network configuration such as in most Mobile Decive Management systems.
This includes, but is not limited to, Mobile Device Management systems and Software Defined Networking , e.g when an SDN-controller is a stand-alone product using a network management protocol as its South Bound Interface (SBI).

NMS intended for use in the industrial OT (Operational Technology) domain are excluded from the scope of the present document, see prEN 50770 series [i.TKOT].

NMS necessary for extremely high secuirity deployments, such as those designed and developed to be hardened against nation-state and other highly sophisticated attackers are excluded from the scope of the present document.

Where applicable, the scope could include the following exclusion:
NMS intended for use in the industrial OT (Operational Technology) domain are excluded from the scope of the present document, see prEN 50770 series [\[i.x\]](#_ref_i.x).

# 2 References

## 2.1 Normative references