Cyber Resilience Act 2023/2841 EN
Article 14
Guidelines, recommendations and calls for action
1. CERT-EU shall support the implementation of this Regulation by issuing:
(a) calls for action describing urgent security measures that Union entities are urged to take within a set timeframe;
(b) proposals to the IICB for guidelines addressed to all or a subset of the Union entities;
(c) proposals to the IICB for recommendations addressed to individual Union entities.
With regard to the first subparagraph, point (a), the Union entity concerned shall, without undue delay after receiving the call for action, inform CERT-EU of how the urgent security measures were applied.
2. Guidelines and recommendations may include:
(a) common methodologies and a model for assessing the cybersecurity maturity of the Union entities, including the corresponding scales or KPIs, serving as reference in support of continuous cybersecurity improvement across the Union entities and facilitating the prioritisation of cybersecurity domains and measures taking into account entities’ cybersecurity posture;
(b) arrangements for or improvements to cybersecurity risk management and the cybersecurity risk-management measures;
(c) arrangements for cybersecurity maturity assessments and cybersecurity plans;
(d) where appropriate, the use of common technology, architecture, open source and associated best practices with the aim of achieving interoperability and common standards, including a coordinated approach to supply chain security;
(e) where appropriate, information to facilitate the use of common procurement instruments for the purchasing of relevant cybersecurity services and products from third-party suppliers;
(f) information-sharing arrangements pursuant to Article 20.