What are the main topics?
A crucial aspect of the act is ensuring cybersecurity throughout a product’s lifecycle, including defining a support period and providing security updates during that time. Economic operators involved in the supply chain, from manufacturers to distributors, have obligations tailored to their roles.
How can asvin help to implement the requirements from the Cyber Resilience Act (CRA)?
What is the Cyber Resilience Act (CRA) about?
The Cyber Resilience Act (CRA) developed by the EU Commission defines standards for the cyber security of connected devices and thus improves the cyber security of products. It does not matter whether the products are connected to the Internet, communicate with each other or via internal interfaces. The CRA applies not only to finished end products, but also to all preliminary products and components. – In other words, all components of the hardware supply chain.
The Cyber Resilience Act (CRA) regulations apply not only to manufacturers of products with digital elements, but also to distributors and importers.
What measures need to be implemented?
The Cyber Resilience Act requires the establishment of risk-appropriate cybersecurity measures for affected products in the design, development and production phases, as well as during marketing and use.
The types of actions vary depending on criticality.
While around 90% of the affected products can be checked in a self-assessment. A third party assessment should be carried out for Critical Class I devices and must be carried out for Critical Class II devices.