The Cyber Resilience Act (CRA) takes effect today
The act introduces new regulations for manufacturers of embedded devices and critical software. As the Cyber Resilience Act comes into effect, device makers need to be proactive in preparing for the upcoming changes. Although you have until 2027 to prepare, it’s important to start planning now.
Key actions for compliance include:
- Implement a secure, automated software update system for all device components.
- Monitor software and dependencies for vulnerabilities using scanning tools and CVE databases.
- Develop a risk profile to focus on critical vulnerabilities.
- Implement technical measures, such as encryption and Secure Boot, to mitigate risks.
- Designate a security contact point and establish clear vulnerability disclosure policies.
- Generate and maintain a Software Bill of Materials (SBOM) to track all software components.
Starting early on these requirements will ease future compliance and reduce the risk of costly recalls.
For more details, see: https://www.torizon.io/blog/eu-cyber-resilience-act-enters-into-force