General

The present document specifies technical requirements and corresponding assessment criteria for password managers 
related to cybersecurity. The products with digital elements in scope, thereafter "the product": 
• are specified within the "technical description" of the "category of product" number "NN" by the Commission 
Implementing Regulation (EU) 2025/2392 [i.2] as:  
"Products with digital elements that store passwords, locally on a device or on a remote server, including 
activities such as generation of passwords as well as password sharing and integration with local or third
party applications for usage of passwords. 
This category includes but is not limited to local password managers, password managers provided as 
browser extensions, enterprise password managers as well as hardware-based password managers". 
• are only covered within the product context described in clause 4. 
The present document covers those products to demonstrate compliance with essential cybersecurity requirements in the 
Regulation (EU) 2024/2847 [i.1], Annex I Part I under the conditions identified in annex A. 
Password Managers: a subset of identity and access management systems.For other types of authentication mechanisms, 
see the IAM standard prEN 40000-10 [i.10] currently drafted by CEN TC 224. Consult clause 3.1 for the product definition.