Skip to main content
Back
NEW

prEN 304 618 V0.2.2

Cyber Security (CYBER); CRA; Cybersecurity requirements for password managers

General information

Draft
Base Documents
Draft ETSI EN 304 618 V0.2.2
Directives or regulations
None
You can view draft standards in the Commenting portal🡭.

Standard history

Status
Date
Type
Name
The present document specifies technical requirements and corresponding assessment criteria for password managers related to cybersecurity. The products with digital elements in scope, thereafter "the product":
• are specified within the "technical description" of the "category of product" number "NN" by the Commission Implementing Regulation (EU) 2025/2392 as:
"Products with digital elements that store passwords, locally on a device or on a remote server, including activities such as generation of passwords as well as password sharing and integration with local or third-party applications for usage of passwords.
This category includes but is not limited to local password managers, password managers provided as browser extensions, enterprise password managers as well as hardware-based password managers".
• are only covered within the product context described in clause 4.
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the Regulation (EU) 2024/2847, Annex I Part I under the conditions identified in annex A.
Password Managers: a subset of identity and access management systems. For other types of authentication mechanisms, see the IAM standard prEN 40000-10 currently drafted by CEN TC 224. Consult clause 3.1 for the product definition.

Required fields are indicated with *

*
*
*
Standard monitoring