GPDR
Privatumo politika

Būtini slapukai

Būtini slapukai įgalina pagrindines tinklapio funkcijas.Svetainė negali tinkamai veikti be šių slapukų, juos galima išjungti tik pakeitus naršyklės nuostatas.

Statistikos slapukai

Analitiniai slapukai padeda mums tobulinti mūsų tinklalapį, renkant ir pateikiant informaciją apie jo naudojimą.

El. pašto prenumerata

projektai-lsd Lietuvos standartizacijos departamentas
Standartų projektų portalas
Registruotis

prEN 40000-1-3

Produktų su skaitmeniniais elementais kibernetinio saugumo reikalavimai. 1-3 dalis. Pažeidžiamumo valdymas

Standarto projektas Naujas
Komentavimo iki data 2026-02-15
Eksportuoti komentarus

Projekto etapai

1. Prioritetinių darbo temų pažymėjimas ir ekspertų skyrimas
2. Projektas
3. Viešoji apklausa
Nuo 2025-12-19 iki 2026-02-15
4. Closure of enquiry
5. Submission to Formal Vote

Organizacija

CEN Europos standartizacijos komitetas

ICS

35.030 - IT saugumas

Technikos komitetas

TK 79 Informacijos saugumas

Užsienio technikos komitetas

CEN/CLC/JTC 13

Komentarų skaičius

0

Komentavimo pradžia

2025-12-19

Taikymo sritis

This standards shall provide specifications applicable to vulnerability handling processes, covering all relevant product categories, to be put in place by manufacturers of the products with digital elements. Those processes shall at least allow to: (a) identify and document vulnerabilities and components contained in the product, including by drawing up a software bill of materials in a commonly used and machinereadable format covering at the very least the top-level dependencies of the product; (b) in relation to the risks posed to the products with digital elements, address and remediate vulnerabilities without delay, including by providing security updates; where technically feasible, new security updates shall be provided separately from functionality updates; (c) apply effective and regular tests and reviews of the security of the product with digital elements; (d) once a security update has been made available, share and publicly disclose information about fixed vulnerabilities, including a description of the vulnerabilities, information allowing users to identify the product with digital elements affected, the impacts of the vulnerabilities, their severity and clear and accessible information helping users to remediate the vulnerabilities; in duly justified cases, where manufacturers consider the security risks of publication to outweigh the security benefits, they may delay making public information regarding a fixed vulnerability until after users have been given the possibility to apply the relevant patch; (e) put in place and enforce a policy on coordinated vulnerability disclosure; (f) take measures to facilitate the sharing of information about potential vulnerabilities in their product with digital elements as well as in third party components contained in that product, including by providing a standardised contact address for the reporting of the vulnerabilities discovered in the product with digital elements; (g) provide for mechanisms to securely distribute updates for products with digital elements to ensure that vulnerabilities are fixed or mitigated in a timely manner, and, where applicable for security updates, in an automatic manner; (h) ensure that, where security updates are available to address identified security issues, they are disseminated without delay and, unless otherwise agreed between manufacturer and business user in relation to a tailor-made product with digital elements, free of charge, accompanied by advisory messages providing users with the relevant information, including on potential action to be taken.