nkSRPS EN 40002:2026

Essential cybersecurity requirements for products - Part 11: Hardware Devices with Security Boxes incorporating a hardware physical envelope and designed to provide security functions such as secure storage and cryptographic operations in an open environment

Scope

This document covers the line 39 of the CRA standardisation request and provides:
• General description of products and its components belonging to HWSB category, including – amongst other:
o A structured description of that product category:
 Common characteristics of HWSB products with a hardware envelope, internal HW and SW
 Description of representative products using these common characteristics
o Identification of the various types of HWSB;
o Intended purpose and reasonably foreseeable use;
o Identification of the HWSB which are excluded from that category
o delineation and interplay with the other categories in which HWSB could fall in.
• Description of the typical life cycle;
• Scope of application and relevance of cybersecurity essential requirements;
• Definition of applicable risk profiles to be considered for these HWSB, which will define the security requirements and assessment methodologies to be applied;
• Applicable security requirements ensuring fulfillment of the essential requirements for each risk profile;
• Provide criteria to determine applicable risk profile;

A base document is provided:
• defining the risk profiles;
• identifying initial cybersecurity security requirements.

Related directives

NOTE: If the word "harmonized" (marked in green) is not found in the field with the name of the directive, it means that the European standard is not cited in the OJEU.