IT-säkerhet

This document provides the terms and definitions commonly used in the cybersecurity requirements for products with digital elements family of standards.

This document specifies general cybersecurity principles and general risk management activities for all products with digital elements, hereafter also referred to as 'products'. This document covers every stage of the product lifecycle to ensure and maintain an appropriate level of cybersecurity based on the risks. This document also provides generic elements to support the development of coherent product-category-specific standards (vertical standards). This document: — establishes generic cybersecurity principles applicable to all stages of the product lifecycle; — specifies requirements for risk assessment and treatment of cybersecurity risks; — specifies requirements on activities that can be applied to ensure an appropriate level of cybersecurity at every phase of the product lifecycle; — provides elements and considerations for product category specific standards in order to facilitate a harmonized approach. This document does not provide vertical product category specific activities and elements.