Update file EN-304-624.md

<div align="center">

**ETSI EN LLL-LLL DDD Vm.t.e (yyyy-mm)**

**ETSI EN 304 624 DDD Vm.t.e (yyyy-mm)**

![~~CAPTION~~](media/etsi-coverpage-logo.png)

Title;<br />

CYBER;<br />

Part #: Part element of title;<br />

CRA;<br />

Sub-part #: Sub-part element of title<br />

Essential cybersecurity requirements for Public key infrastructure and digital certificate issuance software<br />

Release #

**DECT™**, **PLUGTESTS™**, **UMTS™** and the ETSI logo are trademarks of ETSI registered for the benefit of its Members. **3GPP™**, **LTE™** and **5G™** logo are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. **oneM2M™** logo is a trademark of ETSI registered for the benefit of its Members and of the oneM2M Partners. **GSM®** and the GSM logo are trademarks registered and owned by the GSM Association.

# Foreword

This Group Report (GR) has been produced by ETSI Industry Specification Group <long ISGname> (<short ISGname>).

This draft Harmonised European Standard (EN) has been produced by ETSI Technical CommitteeCyber Security (CYBER), and is now submitted for the combined Public Enquiry and Vote phase of the ETSI Standardisation Request deliverable Approval Procedure (SRdAP).

The present document has been prepared under the Commission's standardisation request C(2025) 618 final [i.1] to provide one voluntary means of conforming to the requirements of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act) [i.2].

Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in table […] confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.

# Modal verbs terminology

In the present document "**should** ", "**should not** ", "**may** ", "**need not** ", "**will** ", "**will not** ", "**can** " and "**cannot** " are to be interpreted as described in clause 3.2 of the [ETSI Drafting Rules](https://portal.etsi.org/Services/editHelp/How-to-start/ETSI-Drafting-Rules) (Verbal forms for the expression of provisions).

# 1 Scope

The present document ...

The present document specifies requirements and assessment criteria covering all elements defined in CRA Annex I Part 1 and Part 2 for Public key infrastructure and digital certificate issuance software.

The present document covers the ………. (add the scope of the standard) to demonstrate compliance with requirements in the EU Regulation 2024/2847 under the conditions identified in annex <L>.

# 2 References

## 2.1 Normative references

Normative references are not applicable in the present document.

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. 

Referenced documents which are not found to be publicly available in the expected location might be found in the ETSI docbox.

NOTE:	While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity.

The following referenced documents are necessary for the application of the present document.

[1]	ITU-T X.509 (10/2019): "Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks"

NOTE:	Identical text in the defining of public-key and attribute certificates is also available in ISO/IEC 9594‑8 (paywall).

Editor's note: the normal convention appears to be to refer to X.509 (as the original source) but in some cases references are cited as ITU‑T X.509/ISO‑IEC 9594‑8. 

[2]	<Standard Organization acronym> <document number> (<version number>): "<Title>".

## 2.2 Informative references

The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader's understanding but are not required for conformance to the present document.

- <a name="_ref_i.1">[i.1]</a>

- <a name="_ref_i.1">[i.1] C(2025) 618 final: "COMMISSION IMPLEMENTING DECISION on a standardisation request to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (Cenelec) and the European Telecommunications Standards Institute (ETSI) as regards products with digital elements in support of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)"</a>

- <a name="_ref_i.1">[i.2] Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act)"</a>

# 3 Definition of terms, symbols and abbreviations

For the purposes of the present document, the [following] terms [given in ... and the following] apply:

| Abreviation  | Definition             |

|--------------|-------------------------|

| PKC	       | Public Key Certificate | 

| PKI          | Public Key Infrastructure | 

| TSP	        | Trust Service Provider |

## 3.2 Symbols