Cyberintelligence.institute (CII) and EICAR join forces: Joint development of the new “Product Cybersecurity Standard” (PCS) for more product-related cybersecurity.
Frankfurt, January 23, 2025
Cyberintelligence.institute and the European Expert Group for IT Security (EICAR) present the new “Product Cybersecurity Standard” (PCS). The new security standard for IT products is a further development of the “EICAR Minimum Standard” and aims to actively support the comprehensive implementation of product-related “Security by Design” by defining basic, generally applicable security requirements. The aim of the PCS is not only to improve the trustworthiness of IT products in general, but also to take particular account of the dire security situation in the IoT sector. CII and EICAR are therefore jointly calling on manufacturers, importers and distributors of IT products to publicly commit to the core values of the PCS. Companies can demonstrate their commitment to greater product-related cyber security by displaying a corresponding seal.

Without sufficiently secure products, there can be no sufficiently secure processes: cyber attackers regularly take advantage of the lack of IT security in networked products to successfully compromise IT systems and computer networks. As a result, companies are confronted with security gaps in their IT of which they often have no knowledge or control. In this way, the product-related security risk, which is actually the responsibility of the manufacturer, is passed on to users, which can result in significant cyber threats due to a lack of knowledge and resources. In order to counter this situation, the European Union has introduced regulations such as the Cyber Resilience Act (CRA) to ensure higher security standards for all products with digital elements in future.
The new “Product Cybersecurity Standard” (PCS) supports the implementation of “security by design” in IT products, i.e. the consideration of cybersecurity from the start of development through to their discontinuation from the market, by defining basic requirements that characterize data-secure and data protection-compliant digital and networked products, taking into account the current digital threat situation. On the one hand, such a set of requirements is helpful in the timely preparation of the implementation standards of the CRA, and on the other hand, it supports companies in actively starting to lay the foundations for greater IT security of their products through an initially voluntary public commitment and thus meeting the increased manufacturer responsibility in the area of IT security. In this way, the PCS contributes to more comprehensive product-related cyber security.

What does the standard represent and what phases will it go through?

The standard defines cross-product requirements for security by design of networked IT products.
Further information