The European Union's Cyber Resilience Act (CRA) is a landmark regulation designed to enhance the cybersecurity of products with digital elements placed on the EU market. It establishes essential cybersecurity requirements for manufacturers, importers, and distributors, aiming to create a more secure digital ecosystem for consumers and businesses. This legislation will have a profound impact on the development and deployment of connected devices and software.

Why is the CRA important?
In an increasingly digital world, cybersecurity threats are becoming more frequent and sophisticated. The CRA addresses the growing vulnerabilities in digital products, ensuring that they are designed and maintained with adequate security measures. This is crucial for protecting against cyberattacks, data breaches, and other security incidents that can compromise user safety and privacy.
Why Brightsight?
At Brightsight we assist manufacturers in navigating the complexities of the CRA. We offer comprehensive security evaluation services to assess the compliance of digital products against the requirements outlined in the Act. Our expertise spans a wide range of product categories, including IoT devices, software, and connected hardware.
Our evaluation process involves a rigorous assessment of product security, encompassing vulnerability analysis, penetration testing, and compliance checks against the CRA's essential requirements. We provide detailed reports that offer actionable insights and recommendations, enabling manufacturers to address potential security weaknesses and demonstrate compliance.
Our CRA services include:
General CRA framework workshop (2 hours)
Gain a foundational understanding of the European Union’s Cyber Resilience Act (CRA) through our comprehensive introductory workshop.
This session provides a clear overview of the regulation’s timelines, scope and key content. Participants will gain insights into the essential requirements and the strategic implications for their organization.
Product-specific CRA gap assessment
Use our expertise to thoroughly assess the gaps between your product(s) and the CRA requirements.
This service includes a review of your existing documentation and processes against the CRA requirements in order to identify any discrepancies or gaps. It also includes a risk analysis review.
As output, our gap assessment offers actionable insights for remediation, helping you determine which CRA requirements your product conforms to and which ones it fails and therefore need improvement.
CRA-ready certification
Upon successful completion of the product-specific gap assessment and closure of the identified gaps, we offer a “CRA-ready” certificate.
This certification reflects the current status of your product’s alignment with the CRA essential requirements.
The findings from our gap assessment may also be leveraged during future conformity assessments with Notified Conformity Assessment Bodies (CABs), streamlining your product’s certification process.
Product-specific CRA workshop with regulatory focus (4-6 hours)
Building upon the general CRA framework, this in-depth workshop delves into the specific implications of the CRA for your organization’s product(s).
Gain a full understanding of the CRA requirements that are already covered by the product-related standards and the CRA requirements that require further product-specific assessment.
This session includes the core content of the general workshop, augmented by 2-4 hours dedicated to:
- Your product focus: A detailed analysis of how the CRA applies to your specific product(s).
- Standard mapping: Mapping of relevant European and international product standards (for example: PCI, Common Criteria, GBIC, RED) against the specific requirements of the CRA.
- Gap analysis: Identifying potential gaps between the existing product standards and the mandatory requirements of the CRA.
Everything you need to know about the Cyber Resilience Act
Together, we need to reduce the risk that hackers can compromise the security of a connected device.
Subscribe to the Brightsight newsletter, and we will send you our latest publication detailing what you need to know about the Cyber Resilience Act and how we can help you achieve compliance.
