> NOTE: This section's structure is built upon CEN/CLC JTC13 PT01's deliverable and might require restructuring based on its progress.
## 4.2 Out of scope use/environments
The types of products with digital elements listed in this subsection do not fall within the scope of Regulation (EU) 2024/2847 (Cyber Resilience Act), and are not covered by the present document:
1. Services, except for the remote data processing solutions for a covered product as defined in CRA recitals 11-12; article 3, 2 <a href="#_ref_i.1">[i.1]</a>;
2. Products specifically designed or procured for national security and defence purposes as defined in CRA recitals 14 and 26; article 2, 7-8 <a href="#_ref_i.1">[i.1]</a>;
3. Products developed for or used exclusively for internal use by public administration as defined in CRA recital 16; article 5, 2 <a href="#_ref_i.1">[i.1]</a>;
4. Non-commercial free and open source software as defined in CRA recitals 17-21; article 13, 5 <a href="#_ref_i.1">[i.1]</a>;
5. Medical Devices and Software as defined in CRA recital 25; article 2, 2 [a-b] <a href="#_ref_i.1">[i.1]</a>;
6. Vehicles, including aviation and marine equipment as defined in CRA recital 27; article 2, 2.c "vehicles"; recital 27; article 2, 3 "aviation"; article 2, 4 "marine equipment" <a href="#_ref_i.1">[i.1]</a>;
7. Spare and used parts as defined in CRA recital 29; article 2, 6 <a href="#_ref_i.1">[i.1]</a>;
8. Refurbished, repaired, and upgraded products that have not been substantially modified as defined in recitals 39-42 <a href="#_ref_i.1">[i.1]</a>.
The following types of products have reduced or varied requirements under Regulation (EU) 2024/2847 (Cyber Resilience Act) <a href="#_ref_i.1">[i.1]</a> and can only be partially covered by the present document:
9. High Risk AI as defined in CRA recital 51; article 12 <a href="#_ref_i.1">[i.1]</a>;
10. Testing and unfinished versions as defined in recital 37; article 4, 2-3 <a href="#_ref_i.1">[i.1]</a>;
11. Products Placed on the Market Prior to December 11, 2027 as defined in CRA article 69 <a href="#_ref_i.1">[i.1]</a>.
The following are products and features that are covered by separate standards:
12. Topics covered in "Cybersecurity Requirements for Telecommunication Systems" [\[i.9\]](#_ref_i.9);
13. Industrial network management systems topics covered by CEN/CLC under EN-204-621b [\[i.4\]](#_ref_i.4); <mark>define better</mark>
## 4.3 Product overview and architecture
Network management systems are often deployed <mark>in a star pattern, where all command and control functionality is concentrated in a centralised set of services that provide all required functionality</mark>.