Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
3. A manufacturer shall notify any severe incident having an impact on the security of the product with digital elements that it becomes aware of simultaneously to the CSIRT designated as coordinator, in accordance with paragraph 7 of this Article, and to ENISA. The manufacturer shall notify that incident via the single reporting platform established pursuant to Article 16.
4. For the purposes of the notification referred to in paragraph 3, the manufacturer shall submit:
(a) an early warning notification of a severe incident having an impact on the security of the product with digital elements, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it, including at least whether the incident is suspected of being caused by unlawful or malicious acts, which shall also indicate, where applicable, the Member States on the territory of which the manufacturer is aware that their product with digital elements has been made available;
(b) unless the relevant information has already been provided, an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be;
(c) unless the relevant information has already been provided, a final report, within one month after the submission of the incident notification under point (b), including at least the following:
(i) a detailed description of the incident, including its severity and impact;
(ii) the type of threat or root cause that is likely to have triggered the incident;
(iii) applied and ongoing mitigation measures.
Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
3. A manufacturer shall notify any severe incident having an impact on the security of the product with digital elements that it becomes aware of simultaneously to the CSIRT designated as coordinator, in accordance with paragraph 7 of this Article, and to ENISA. The manufacturer shall notify that incident via the single reporting platform established pursuant to Article 16.
4. For the purposes of the notification referred to in paragraph 3, the manufacturer shall submit:
(a) an early warning notification of a severe incident having an impact on the security of the product with digital elements, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it, including at least whether the incident is suspected of being caused by unlawful or malicious acts, which shall also indicate, where applicable, the Member States on the territory of which the manufacturer is aware that their product with digital elements has been made available;
(b) unless the relevant information has already been provided, an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be;
(c) unless the relevant information has already been provided, a final report, within one month after the submission of the incident notification under point (b), including at least the following:
(i) a detailed description of the incident, including its severity and impact;
(ii) the type of threat or root cause that is likely to have triggered the incident;
(iii) applied and ongoing mitigation measures.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
