naSRPS EN 40000-10:2026

Essential cybersecurity requirements for products - Part 10: Products with digital elements used in identity management systems and privileged access management software and hardware, including authentication and access control readers, including biometric readers

Scope

This project aims at covering the line 16 of the standardisation request and will provide:
• General description of the Product with digital elements belonging to that category and the product and/or components such Product with digital elements may integrate, including – amongst other:
o detailed description of that product category using in:
 Identity management systems hardware and software are products with digital elements that provide mechanisms for identity lifecycle management, such as identity provisioning, maintenance, authentication, authorisation and deprovisioning, and including associated metadata.
 Privileged access management hardware and software are products with digital elements that authenticate and authorise users or devices, granting or denying access to digital resources or to physical locations.
 This category includes but is not limited to products (hardware, software and communication protocol) with digital elements that have the core functionality of either or both identity management and privileged access management; authentication and access control readers; biometric readers; single sign-on software; federated identity management software, protection and safety management (such as access control, intrusion alarm, CCTV and fire safety systems) and multi-factor authentication software.
o Intended product purpose and reasonably foreseeable use in the above categories;
o Identification of the various types of Products with digital elements;
o Delineation and interplay with the following other categories of Product with digital elements (identified by their line in the standardization request):
 line 17
 line 18
 line 20
 line 24
 line 28
 line 29
 line 32
 line 35
 line 37
 line 38
 line 39
 line 41
• Description of their life cycle;
• Relevance of cybersecurity essential requirements including the cybersecurity assessment requirements;
• Definition of applicable risk profiles to be considered for these Product with digital elements;
• Applicable cybersecurity requirements ensuring fulfillment of the essential requirements for each risk profile;
• Applicable cybersecurity assessment requirements for each risk profile.

A base document is provided
• Defining the risk profiles;
• Identifying initial cybersecurity security requirements.

Related directives

NOTE: If the word "harmonized" (marked in green) is not found in the field with the name of the directive, it means that the European standard is not cited in the OJEU.