EU Cyber Resilience Act (CRA)

The European Cyber Resilience Act (CRA) is the European Commission's new law focused on products with digital elements. It is part of a larger cybersecurity framework that already includes similar requirements such as, for example, the EU Cybersecurity Act, NIS Directive, and, in particular, the NIS2 Directive, which the CRA complements.


Cyber Resilience Act Essential Requirements

Below, you'll find a brief overview of the EU Cyber Resilience Act's relevant requirements for embedded device manufacturers.

Product-Specific

According to the CRA, Products must be:

  • Delivered without known vulnerability
  • Include Free Security Patches for at least 5 years, unless the product's estimated lifetime is shorter
  • Protected with a Security-by-Design approach

Handling Vulnerabilities

Device manufacturers must be able to:

  • Provide documentation of the Software used, including the Software Bill of Materials (SBOM)
  • Give early warning in 24h and a full notification in 72h about any vulnerabilities
  • Address vulnerabilities and provide patches with no delay

Information & Instruction

The following details should be readily available and well-documented:

  • The intended use of the product
  • How to remove data from the devices
  • A description of the product's security features


Timeline for CRA

How Torizon Simplifies Compliance with the CRA

Torizon Platform is recognized for its robust build system based on the Uptane Framework, which facilitates the creation of custom Linux distributions for embedded systems, playing a crucial role in the development of secure products and applications. Using the Torizon Platform, you are taking advantage of shared collaboration and established best practices, which meet a key requirement of the CRA, including the Software Bill of Materials (SBOM) and CVE reports.

Software Bill of Materials (SBOM)

You want to know exactly what goes into your Software. We publish the SBOMs and CVE reports on every TorizonCore build. They are readily and publicly available, making it easier to comply with vulnerability-handling and documentation requirements.

Secure Boot

Secure Boot is the process of booting an image from a valid trusted source — related to the authenticity check specification — while ensuring it has not been modified in any way, complying with the CRA's integrity clause.

Proven Security Framework

Torizon is built with automotive-grade security in mind, thanks to its Uptane-based architecture. Along with Secure-Boot, it guarantees that what you think you're installing is indeed what is being installed. Furthermore, it prevents tampering with the image.

Reliable Updates Process

Torizon offers out-of-the-box, over-the-air, or physical offline updates via a USB stick or SD Card. This process is secure and verifiable due to several layers of validation and fallback systems that ensure your devices keep working at all times.

Vulnerability Monitoring

The Torizon security team continuously monitors software for exploitable vulnerabilities, to help you comply with this key requirement of the CRA. Each CVE (often more than 800) undergoes a manual assessment in order to filter out the non-exploitable ones - saving you time and effort compared to managing this process yourself.
Coming Soon

Device Monitoring

The Torizon platform allows you to check in on any unit, at any time. It also allows you to customize the metrics you'd like to keep track of, such as CPU performance, the device's temperature, overall status, and more. This allows you to preempt any vulnerabilities and roll out patches promptly.

Explore Our Recent Related Content

The Cyber Resilience Act is here
Learn More
Getting Ready for the EU Cyber Resilience Act with Security Hardening of U-Boot
Learn More
Get a head start on EU Cyber Resilience Act compliance with Embedded Linux
Watch Now
Are you really ready for the new EU Cyber Resilience Act?
Watch Now

Get in touch with our team

Need help with the Cyber Resilience Act? Just reach out to us!

Built for You

Application Developer

Develop your embedded application on top of a solid foundation and leverage powerful tools.

OS Maintainer

Easily customize the Torizon OS to fit your needs without needing Yocto Project.
Learn More

Tech Lead

Improve your team's efficiency with modern, agile workflow and CI/CD.

Business Leader

Transform your business with faster delivery, more innovation, and lower maintenance costs.
Learn More

Made for Demanding Applications

Industrial Automation and Robotics
Transportation and Agriculture
Test & Measurement
Medical and Healthcare
Smart City

Los geht's

Meinem Team gehören

Torizon ist vollständig in die Toradex-Hardware integriert

Torizon OS läuft auf den meisten unserer neueren Module! Nutzen Sie einen vollständig integrierten Stack und beginnen Sie noch heute mit der Entwicklung.

Die Integration von Torizon ist einfacher als Sie denken!

Torizon OS ist vollständig Open Source! Wir geben Ihnen Referenze, wie Sie es in Ihre eigene Hardware integrieren können. Machen Sie es selbst oder ziehen Sie unsere Partner zu Rate!

Alles, was Sie für den Einstieg brauchen

Um Ihre Evaluierung zu starten, wählen Sie eines der Starter Kits und profitieren Sie von der engen Software-Hardware-Integration.

Nehmen Sie Kontakt mit uns auf

Möchten Sie mehr über Torizon erfahren?

And more...

Webinars
News
Documentation
Blog
Videos
Demos


?Haben Sie eine Frage?
Toradex Community
Kontaktieren Sie uns
Rufen Sie uns in der Seattle an
+1 (800) 871-6550