@@ -146,12 +146,21 @@ This document is a European harmonised standard that defines cybersecurity requi
## 1.1 General
This document is created for EU Regulation 2024/2847, the Cyber Resilience Act.
The present document is created for EU Regulation 2024/2847, the Cyber Resilience Act.
## 1.2 Products in scope
The implementing regulation <ahref="#_ref_i.11">[i.11]</a> defines in section (2) that the core functionality of a product defines what category it should be evaluated under. The regulation continues to define in section (3), that when the product is a composite of other recognised products, the composite product doesn't inherit all other regulations, but is evaluated only in it's own category.
The implementing regulation <ahref="#_ref_i.11">[i.11]</a> (ANNEX I, Class I, 6.) defines the following:
> Products with digital elements that manage connected network elements, such as servers, routers, switches, workstations, printers or mobile devices, by monitoring them and controlling their network operations and configuration.
>
> This category includes but is not limited to end-to-end management systems and dedicated configuration management systems, such as controllers for software-defined networking.
This quotation is not to be used as a source of the truth, as the definition might change. Refer to the source for the latest description.
The NMS is defined in the implmeneting regulation <ahref="#_ref_i.11">[i.11]</a> in Annex I, Class I (6) and is not restricted to only systems that are IP connected. The scope covers all connected elements in the network, that are somehow managed. This includes, but is not limited to, Mobile Device Management systems and Software Defined Networking.
Bluetooth consumer devices are usually not managed by an NMS, however, if they are capable, a NMS management could control them too, as Bluetooth is just a communication media and can be used also for management traffic. Such, NMS’s often control more than just network configuration - e.g., MDM systems.
