Draft Details

Number:Draft ETSI EN 304 636 V1.0.0 (2026-07)
Source:NSAI
Committee:NSAI/TC 2
Committee name:ICT
Review published:13 Jul 2026
Review end date:05 Sep 2026
Categories:General
Contact email:nepadmin(at)nsai.ie
Draft Scope:

The present document specifies vulnerability handling activities, technical requirements and corresponding assessment 
criteria for firewalls, intrusion detection systems, and intrusion prevention systems related to cybersecurity. The 
products with digital elements in scope: 
• are specified within the "technical description" of the "category of product" in Class II, point 2 by the 
Commission Implementing Regulation (EU) 2025/2392 [i.2] of 28 November 2025 on the technical 
description of the categories of important and critical products with digital elements pursuant to Regulation 
(EU) 2024/2847 of the European Parliament and of the Council [i.1] as: - - - 
"Firewalls are products with digital elements that protect a connected network or system from 
unauthorised access by monitoring and restricting data communication traffic to and from that network. 
This category includes but is not limited to network firewalls and application firewalls such as web 
application firewalls or filters and anti-spam gateways."; 
"Intrusion detection systems are products with digital elements that monitor traffic once it has entered the 
network environment for suspicious activity and detect or identify that an intrusion has been attempted, 
is occurring, or has occurred on a connected network or system. 
This category includes but is not limited to network-based intrusion detection systems and host-based 
intrusion detection systems."; 
"Intrusion prevention systems are products with digital elements composed of an intrusion detection 
system that actively responds to an intrusion to a connected network or system. 
This category includes but is not limited to network-based intrusion prevention systems and host-based 
intrusion prevention systems."; 
• are only covered within the product context described in clause 4. 
The present document covers those products to demonstrate compliance with the essential cybersecurity requirements 
of Regulation (EU) 2024/2847 [i.1], Annex I Part I, under the conditions identified in Annex A. 
Firewalls, intrusion detection systems, and intrusion prevention systems fall within the scope of the present document, 
whether deployed as physical appliances or software. The present document applies when the intended purpose or 
reasonably foreseeable use involves monitoring, analysing, or controlling network traffic for security purposes. 
Products that detect access attempts made without authorisation, identify malicious activity, or enforce traffic controls 
to protect networks and systems from intrusions are within scope. 
Firewalls, intrusion detection systems, and intrusion prevention systems intended for use in the industrial OT 
(Operational Technology) domain are excluded from the scope of the present document, see prEN 50770-1 [i.7]. 
The present document does not specify how products detect threats, classify traffic, or implement inspection algorithms. 
Detection accuracy rates, false positive thresholds, and signature effectiveness metrics are outside scope. Security 
requirements for the robustness of protocol parsing engines, the integrity of inspection processes, and vulnerability 
management remain within scope.

You may comment on any clause of this document. Simply enter the clause number, make your comment and your proposed changed text for each clause, subclause, paragraph, table or figure.

All comments are checked by a moderator before they are made public on the site. This is to ensure that improper language or marketing is not placed on the site – we will not judge or modify technical content. Similarly, we will not correct your grammar or spelling