Cyber Resilience Act 2023/2841
Article 14
Guidelines, recommendations and calls for action
1. CERT-EU shall support the implementation of this Regulation by issuing:
(a) calls for action describing urgent security measures that Union entities are urged to take within a set timeframe;
(b) proposals to the IICB for guidelines addressed to all or a subset of the Union entities;
(c) proposals to the IICB for recommendations addressed to individual Union entities.
With regard to the first subparagraph, point (a), the Union entity concerned shall, without undue delay after receiving the call for action, inform CERT-EU of how the urgent security measures were applied.
2. Guidelines and recommendations may include:
(a) common methodologies and a model for assessing the cybersecurity maturity of the Union entities, including the corresponding scales or KPIs, serving as reference in support of continuous cybersecurity improvement across the Union entities and facilitating the prioritisation of cybersecurity domains and measures taking into account entities’ cybersecurity posture;
(b) arrangements for or improvements to cybersecurity risk management and the cybersecurity risk-management measures;
(c) arrangements for cybersecurity maturity assessments and cybersecurity plans;
(d) where appropriate, the use of common technology, architecture, open source and associated best practices with the aim of achieving interoperability and common standards, including a coordinated approach to supply chain security;
(e) where appropriate, information to facilitate the use of common procurement instruments for the purchasing of relevant cybersecurity services and products from third-party suppliers;
(f) information-sharing arrangements pursuant to Article 20.