ENISA publishes CRA requirements-to-standards mapping to support implementation of Annex I essential cybersecurity requirements

ENISA published a “Cyber Resilience Act Requirements Standards Mapping” document mapping CRA requirements to relevant standards. Although non-binding and not an amendment to CRA Annex I, the mapping is directly relevant to implementing and evidencing conformity with Annex I essential cybersecurity requirements by helping manufacturers and compliance teams identify applicable standards and where they support Annex I controls (e.g., security updates, vulnerability handling, and baseline product security measures).