nkSRPS EN 18037-2:2026

Guidelines on a sectoral cybersecurity assessment - Part 2: Application of sectoral cybersecurity assessment results by ICT product manufacturers

Scope

This document provides guidance for sectoral stakeholders and product manufacturers in generating ICT product-relevant information based on EN 18037.
Sectoral stakeholders are supported in applying the risk and cybersecurity assessment methodology so that the information needs of product manufacturers are covered by the sectoral assessment report.
Product manufacturers receive guidance in using methodology according to EN 18037 for own assumptions of their ICT product’s sector-specific risks and security requirements.
This document uses a step-by-step approach for guiding sectoral stakeholders and product manufacturers through the assessment. For each step, the relevant information provided by EN 18037 is summarized or referenced and the enhancements or clarifications in support of the information needs of the ICT product manufacturers are pointed out.
From the perspective of product manufacturers, the re-use of existing product-specific specifications and certification tools is of particular relevance. Therefore, this document provides guidance how the results of sectoral assessments according to EN 18037 can be connected with these specifications and tools.