CRA FAQ - Vulnerability Handling

🚒 Vulnerability Handling

Understanding vulnerability handling and incident response requirements in the CRA

What is a CSIRT?

CSIRT stands for Computer Security Incident Response Team.

In Europe, there are multiple national CSIRTs which are part of the European Union CSIRTs network.

But Article 12(1) of the NIS 2 Directive states that each European country must designate a single CSIRT to manage coordinated vulnerability disclosures.

In the context of the CRA, that CSIRT is the relevant CISRT that is referenced throughtout the text and defined as the CSIRT designated as coordinator in Article 3(51).

If you are headquartered in Europe, you can easily find the relevant CISRT on the member section of the network's website.

If you are not headquartered in Europe, Article 17(4) explains the criteria manufacturers should use to identify the relevant CSIRT.

Disclaimer

Disclaimer: The information contained in this FAQ is of a general nature only and is not intended to address the specific circumstances of any particular individual or entity. It is not necessarily comprehensive, complete, accurate, or up to date. It does not constitute professional or legal advice. If you need specific advice, you should consult a suitably qualified professional.

Edit on GitHub Go to page

What is ENISA?

ENISA is the European Union Agency for Cybersecurity. Its is headquarted in Athens, Greece.

ENISA supports National and EU authorities, the private sector, and European citizens through various activities.

The role of ENISA is defined in the Cybersecurity Act (CSA).

You can find more information on ENISA's website.

Disclaimer

Edit on GitHub Go to page