Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making si

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [open-regulatory-compliance] [EXTERNAL] Re: The attempt of making simplified CC guide for the CRA Default category

From: "Alex Talsma (CELA)" <alextalsma@xxxxxxxxxxxxx>
Date: Thu, 11 Sep 2025 16:51:34 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6rXamad4nSJa+BAwSD20LIOtWvj3Wyu6KlUBmfi7OkM=; b=KAidg0pDtvk2+xa4qPyxn8Z/aie5mHHGa9hqmvK1Vbc78dQYxAcLF1BEYokFFRRmthg+JhxnwWyy2l0QIpj+RrkRLctoIQlfew4dCMS6JXDbcGKbX6Spw0CqlWVDmu16Q1aKQV0Mfmqi8dL0KWqnj1VP2rAdWl6gvttgVNIqOSKUukbHGTwkfvLnrcHTyBpuRluX+glM7ejcxl9ZiLJ1WTQg60M7bbPcWwvKWT3KH9KiA8AT6dXgrs21KEvqy7JmDEbrO2qI1rdwje/6QV3nURRfV/ocAtz7QN5BCaEVMUOSVN7bXU0kRShD1O1BFIkwfuJPuB4FnLoONmYB6fctmg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=H2Mao0cosml9v4Gu5wS85pXnEMlBsZIbhc8NlKVJmV+TjxLKksqdt3hjtJV966Wz9gGPQXAaDpGRk9BbpHlU1PtTJgD3fLBUuVwzsk1PyKkqqjEV8383Kqn5MDD2/HquEhSQACbN0kzsYz6Y5xNxB+PvWcmJKfgEq4/ewP2EdbdrxnmvDFo2mooRPUFG5BqVrcVo5y7X0EIRsuLMCPStk4ON3V/QsK/SfCBcGcZXz2Z2iM8VP0fvU2lSBb2h6YBqvcnWXA/BqEwuY0QwJ1htWeU9uYcSgKe7KCm5ke0BcpsTrRwlVr2dJUQgSe/uEWtsEHwAuvl3khkEm9hfkTuGBA==
Delivered-to: open-regulatory-compliance@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/open-regulatory-compliance/>
List-help: <mailto:open-regulatory-compliance-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/open-regulatory-compliance>, <mailto:open-regulatory-compliance-request@eclipse.org?subject=unsubscribe>
Msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=855bb142-1137-41e2-ad14-ad3ffbc74095; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2025-09-11T16:49:38Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Tag=10, 3, 0, 1;
Thread-index: AQHcIxTdEPirmdzAKUaQmvrnUSxT47SOMfZA
Thread-topic: [EXTERNAL] Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category

Just looking at the copyright statement, looks like the author may be a member of the CRA Expert Group – very encouraging to see someone in that position out and working on implementation guidance / toolkits.

Alex

From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of August Bournique via open-regulatory-compliance
Sent: Thursday, September 11, 2025 5:09 AM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: August Bournique <august@xxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category

It's interesting for sure. I think it might be missing a few things (or I missed them) such as a discussion of support period requirements, and I couldn't find anything regarding the ability to transfer risk through documentation, something that has come up quite a bit in the vertical standardization efforts.

It's also unclear to me if general products will need to go to this level of documentation, but it's a very neat project.

- August

On Thu, Sep 11, 2025 at 11:32 AM Roman Zhukov via open-regulatory-compliance <open-regulatory-compliance@xxxxxxxxxxx> wrote:

Hi folks,

I'm not sure how many of you have seen this work https://github.com/sCC4CRA/, but this is a brave and nice attempt to flush out a guide for Module A (self-assessment) for Default category PDEs, by making it "the most looking-like" EUCC. I don't necessarily agree with the "certification" anchor and terms, but I think we may want to discuss it at the next ORC meeting to get some learnings, at minimum, as we work on our Whitepapers.

Cheers,

--

Roman Zhukov

Principal Architect - Security Communities Lead

Book time with Roman

_______________________________________________
open-regulatory-compliance mailing list
open-regulatory-compliance@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

References:
- [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
  - From: Roman Zhukov
- Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
  - From: August Bournique

Prev by Date: Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
Next by Date: [open-regulatory-compliance] Minutes from the vulnerability handling task force meeting
Previous by thread: Re: [open-regulatory-compliance] The attempt of making simplified CC guide for the CRA Default category
Index(es):
- Date
- Thread

Breadcrumbs