Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making si

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category

From: Becky Hepper <rebecca.r.hepper@xxxxxxxxxxx>
Date: Mon, 13 Oct 2025 12:25:35 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=seagate.com; dmarc=pass action=none header.from=seagate.com; dkim=pass header.d=seagate.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kIGCI/lDXD8ds8DIsi6vrWtsExrlcQrQ0GqDeqGprtk=; b=Igw0soi4SnSsL7sRv4ibH5HypG+rLWfUZQ82QL6VACCBO+yOPiFD/C+7AsF9QPB67VS/M+Kz2aqjtyojRAZMaE2IKr1Zgmxt52QLxSngAf7oTH6GBPVha1kfSx+stKY8X7n4sMLXk2WuQCJn5uBqS35O7B8EvYL8WndllUemAjTA0N+J+hwFPbK7fs9PfdXvJyU6hh1ARl0QylKPJanLTRnhxXPtX/Pgke1mYtNakfUBsbx1ECTqh4d0Nfx2VA7xOhP83qXl4eShkhzlcEzQMjpeNcWhfepL8zbnB8/vn7m2dWNZNYLQtrN9j5dKN4w81ZJRDCjExrWcBr8ibDjqAQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=TkSae1g3KMkYLpuzQe24Q0tXFkT8HJFYuEuuG/SmDI9XQkfVK4X09G4N95PlEhfXHAWZWzemtJKGgXa7qBJGc2y4jrXUEp0Rm2rLT8UhvhO4pf05YifbuFly08LyciY8Ngrfnimr6KuscLNm4f/FHQ1wXv9xfZzvhTdNMZ8uZfWzgVdFwgpMFCO024QcJwtDf6UOJniAPDKhwiHoUI1e5iaCJTaW9Wp9uSSsvV0Jg4vS+veuPW5i0UkFXBSZVENg0BJDdZAuCHge0TeGEJSpnwANMttaEVHOMaB3p9QA5o93gDWXoyvml6z7G3FjjEWNEDpJEhiAfzgHsVGmkt2eEQ==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
Msip_labels: MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_Enabled=True; MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_SiteId=d466216a-c643-434a-9c2e-057448c17cbe; MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_SetDate=2025-10-13T12:25:31.484Z; MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_Name=Seagate General Information; MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_ContentBits=1; MSIP_Label_56e366eb-86f1-4645-85a7-f29555b26fee_Method=Standard;
Stx-hosted-ironport-oubound: True
Thread-index: AQHcIzxezz1F/IrFaUKUs0wIaVKm47S/I9GAgAEOcoc=
Thread-topic: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category

Is there a way to get a recording of the meeting with Roger Riera?

Best Regards,

Becky Hepper

Seagate General Information

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> on behalf of Juan Rico via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx>
Sent: Sunday, October 12, 2025 3:16 PM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Juan Rico <juan.rico@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category

This message has originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.

Dear all,

I'm opening this conversation again to confirm that our guest tomorrow in our CRA Monday will be Roger Riera, the author to present and discuss about the approach he proposes. Roger is part of the European Commission’s CRA Expert Group as a Type A member, contributing to the effective implementation of the CRA regulation. He is also technical Manager at Applus+ Laboratories, specialising in hardware security with 10 years of experience in the field.

Looking forward to hearing from him and from all of you:)

See you tomorrow at 16.00 CEST (14.00 UTC) for our Cyber Resilience SIG call and at 17:00 CEST(15.00 UTC). Link to our calendar.

Cheers,

Juan

On Thu, 11 Sept 2025 at 18:51, Alex Talsma (CELA) via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Just looking at the copyright statement, looks like the author may be a member of the CRA Expert Group – very encouraging to see someone in that position out and working on implementation guidance / toolkits.

Alex

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of August Bournique via open-regulatory-compliance
Sent: Thursday, September 11, 2025 5:09 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: August Bournique <august@xxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category

It's interesting for sure. I think it might be missing a few things (or I missed them) such as a discussion of support period requirements, and I couldn't find anything regarding the ability to transfer risk through documentation, something that has come up quite a bit in the vertical standardization efforts.

It's also unclear to me if general products will need to go to this level of documentation, but it's a very neat project.

- August

On Thu, Sep 11, 2025 at 11:32 AM Roman Zhukov via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hi folks,

I'm not sure how many of you have seen this work https://github.com/sCC4CRA/, but this is a brave and nice attempt to flush out a guide for Module A (self-assessment) for Default category PDEs, by making it "the most looking-like" EUCC. I don't necessarily agree with the "certification" anchor and terms, but I think we may want to discuss it at the next ORC meeting to get some learnings, at minimum, as we work on our Whitepapers.

Cheers,

--

Roman Zhukov

Principal Architect - Security Communities Lead

Book time with Roman

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

References:
- [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
  - From: Roman Zhukov
- Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
  - From: August Bournique
- Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category
  - From: Alex Talsma (CELA)
- Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category
  - From: Juan Rico

Prev by Date: [open-regulatory-compliance] ORC open events this week
Next by Date: [open-regulatory-compliance] slightly OT: news sources for following EU regs?
Previous by thread: Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category
Next by thread: [open-regulatory-compliance] Check out the latest ORC blogs
Index(es):
- Date
- Thread

Breadcrumbs