EN 17640:2022/prA1

Fixed-time cybersecurity evaluation methodology for ICT products

General information

10.99 New project approved   Feb 21, 2024

CEN/CENELEC

CEN/CLC/JTC 13 Cybersecurity and Data Protection

European Norm

Scope

The scope of EN 17640 remains unchanged, adding the content of composition within:
This document describes a cybersecurity evaluation methodology that can be implemented using pre-defined time and workload
resources, for ICT products. It is intended to be applicable for all three assurance levels defined in the CSA (i.e. basic, substantial and
high).
The methodology is comprised of different evaluation blocks including assessment activities that comply with the evaluation
requirements of the CSA for the mentioned three assurance levels. Where appropriate, it can be applied both to 3rd party evaluation
and self-assessment.

Life cycle

PREVIOUSLY

PUBLISHED
EN 17640:2022

NOW

IN_DEVELOPMENT
EN 17640:2022/prA1
10.99 New project approved
Feb 21, 2024