keyboard_tab Cyber Resilience Act 2023/2841 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- Art. 1 Subject matter
- Art. 2 Scope
- Art. 3 Definitions
- Art. 4 Processing of personal data
- Art. 5 Implementation of measures
- Art. 6 Cybersecurity risk-management, governance and control framework
- Art. 7 Cybersecurity maturity assessments
- Art. 8 Cybersecurity risk-management measures
- Art. 9 Cybersecurity plans
- Art. 10 Interinstitutional Cybersecurity Board
- Art. 11 Tasks of the IICB
- Art. 12 Compliance
- Art. 13 CERT-EU mission and tasks
- Art. 14 Guidelines, recommendations and calls for action
- Art. 15 Head of CERT-EU
- Art. 16 Financial and staffing matters
- Art. 17 Cooperation of CERT-EU with Member State counterparts
- Art. 18 Cooperation of CERT-EU with other counterparts
- Art. 19 Information handling
- Art. 20 Cybersecurity information-sharing arrangements
- Art. 21 Reporting obligations
- Art. 22 Incident response coordination and cooperation
- Art. 23 Management of major incidents
- Art. 24 Initial budgetary reallocation
- Art. 25 Review
- Article 26 Entry into force
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
MEASURES FOR A HIGH COMMON LEVEL OF CYBERSECURITY
CHAPTER III
INTERINSTITUTIONAL CYBERSECURITY BOARD
CHAPTER IV
CERT-EU
CHAPTER V
COOPERATION AND REPORTING OBLIGATIONS
CHAPTER VI
FINAL PROVISIONS
- Union entities
- network and information system
- security of network and information systems
- cybersecurity
- highest level of management
- near miss
- incident
- major incident
- large-scale cybersecurity incident
- incident handling
- cyber threat
- significant cyber threat
- vulnerability
- cybersecurity risk
- cloud computing service
- cybersecurity 9
- union_entities 5
- common 4
- measures 4
- recommendations 3
- action 3
- arrangements 3
- security 3
- article 2
- appropriate 2
- addressed 2
- iicb 2
- proposals 2
- maturity 2
- including 2
- guidelines 2
- urgent 2
- calls 2
- support 2
- shall 2
- taking 1
- architecture 1
- technology 1
- plans 1
- assessments 1
- risk-management 1
- risk 1
- management 1
- source 1
- improvements 1
- into 1
- account 1
- entities’ 1
- posture 1
- open 1
- coordinated 1
- associated 1
- procurement 1
- information-sharing 1
- suppliers 1
- third-party 1
- from 1
- products 1
- services 1
- relevant 1
- purchasing 1
- instruments 1
- facilitate 1
- best 1
- information 1
Article 14
Guidelines, recommendations and calls for action
1. CERT-EU shall support the implementation of this Regulation by issuing:
| (a) | calls for action describing urgent security measures that Union_entities are urged to take within a set timeframe; |
| (b) | proposals to the IICB for guidelines addressed to all or a subset of the Union_entities; |
| (c) | proposals to the IICB for recommendations addressed to individual Union_entities. |
With regard to the first subparagraph, point (a), the Union entity concerned shall, without undue delay after receiving the call for action, inform CERT-EU of how the urgent security measures were applied.
2. Guidelines and recommendations may include:
| (a) | common methodologies and a model for assessing the cybersecurity maturity of the Union_entities, including the corresponding scales or KPIs, serving as reference in support of continuous cybersecurity improvement across the Union_entities and facilitating the prioritisation of cybersecurity domains and measures taking into account entities’ cybersecurity posture; |
| (b) | arrangements for or improvements to cybersecurity risk management and the cybersecurity risk-management measures; |
| (c) | arrangements for cybersecurity maturity assessments and cybersecurity plans; |
| (d) | where appropriate, the use of common technology, architecture, open source and associated best practices with the aim of achieving interoperability and common standards, including a coordinated approach to supply chain security; |
| (e) | where appropriate, information to facilitate the use of common procurement instruments for the purchasing of relevant cybersecurity services and products from third-party suppliers; |
| (f) | information-sharing arrangements pursuant to Article 20. |
whereas