Understanding the Cyber Resilience Act (CRA) Timeline
What are the most important dates related to the CRA that manufacturers, importers or distributors need to keep in mind? Are you prepared?
The European Commission has published the Cyber Resilience Act (CRA) FAQ as a Markdown file. This format is particularly valuable for: The Markdown version of the CRA FAQ is available for download here: Cyber Resilience Act implementation – Frequently asked questions
If you’re evaluating whether your product falls under the Cyber Resilience Act (CRA), you’ve likely encountered the term “Product with Digital Elements” (PDE). This term is central to the CRA, and understanding it is crucial. The Cyber Resilience Act (CRA) defines the scope of its regulations in Article 2, which explicitly references “products with digital…
Incidents such as the blackout in parts of Berlin lasting several days emphasize the importance of personal preparation for crisis and disaster. The German BBK has published checklists for this purpose. The BBK is the German Federal Office of Civil Protection and Disaster Assistance. Personally I don’t prefer to check off such a list on…
This month I’ve earned the Information Security Risk Manager. ISO/IEC 27005 certification of rigcert.education. Having multiple years of experience in managing security risks in OT environments according to IEC 62443-3-2, the ISO 27005 provides an extended perspective on risk management. Effective information security risk management is crucial for maintaining secure systems. Failing to properly assess…
The Cyber Resilience Act (CRA) is a critical piece of legislation designed to enhance product cybersecurity across the EU. If you’re finding it challenging to navigate, you’re not alone – many organizations are seeking clarity on its implications. Last week, the EU Commission hosted an insightful webinar on the CRA, attracting over 2,500 participants from…
The EU Commission services have just released a comprehensive FAQ to help demystify the implementation of the Cyber Resilience Act. If the official text left you scratching your head, this 66-page document might be your go-to resource for first practical answers to your questions. Worth a bookmark. Read it here: EU Commission – CRA Implementation
Currently, a lot of standardization projects regarding the CRA are ongoing. These standardization projects aim to develop harmonized European standards for the fundamental cybersecurity requirements of the CRA and the requirements regarding vulnerability management (horizontal standards) as well as different product categories (vertical standards). You can find an overview of the currently active standardization projects…
This month I’ve earned the ISO/IEC 42001:2023. Artificial intelligence management system practitioner certification of rigcert.education. As AI systems become widely integrated into the business world, securely managing them is increasingly critical. How can organizations ensure the reliability of AI outputs, protect company data from loss, and maintain system availability? These topics—and many others—are addressed by…
Patric Birr and I published an article in SIGNAL+DRAHT, the leading international medium for control and safety technology plus communication and information technology in the railway sector. In the article we propose automating Security Risk Assessments by using digital twins. These allow attack trees to be derived automatically enabling a systematic analysis of potential attack…