Compliance Readiness Service: Cyber Resilience Act (CRA)

With the Cyber Resilience Act (CRA) coming into force, now is the time to align your products and development processes with European cybersecurity requirements.
 
Are you ready for compliance?
We are here to help.

What You Will Get

  • Product Catalog Review: We review your product catalog to identify which devices fall under the Cyber Resilience Act (CRA) and group them into families for efficient analysis.

  • Threat Modeling and Risk Assessment: For each family, we conduct threat modeling and risk assessment to define the necessary security requirements.

  • Vulnerability Posture: For a representative device of the family, we analyse its vulnerability posture, leveraging the ARIANNA platform.

  • Secure Development Life Cycle: Finally, we help you implement a Secure Development Life Cycle (SDLC) with coordinated vulnerability disclosure and incident management - ensuring full CRA compliance by September 11, 2026.

CRA Readiness: Key Areas of Focus

  1. Catalog Review

  2. Threat Modeling and Risk Assessment

  3. Vulnerability Posture

  4. SDLC Integration

Catalog Review

We start with a comprehensive review of your product portfolio to identify which devices fall within the scope of the CRA. Products outside the regulation’s scope are excluded, while the others are grouped into families sharing similar technical and functional characteristics.

OUTPUT: Catalog Analysis Report

Threat Modeling and Risk Assessment

For each product family affected by the CRA, we perform threat modeling and risk assessment - the first mandatory step required by both the Cyber Resilience Act and the Radio Equipment Directive (RED) - to identify potential threats, assess vulnerabilities, and define the necessary security requirements.
This phase provides the foundation for a compliant and resilient product design.

OUTPUT: Risk Assessment Report

Vulnerability Posture

For a representative device of the family, we analyse its vulnerability posture, leveraging the ARIANNA platform, which was developed to support manufacturers in identifying, classifying, resolving and reporting vulnerabilities through the analysis of the device's HBOM (Hardware Bill of Materials) and SBOM (Software Bill of Materials) against public vulnerability databases.

From a process perspective, we introduce the Secure Development Life Cycle (SDLC) and work with your team to seamlessly integrate it into your existing procedures.

The most time-critical area to address - effective from September 11, 2026 - is the management of third-party vulnerability reporting and the handling of cybersecurity incidents.

OUTPUT: ARIANNA Vulnerability Report

Secure Development Life Cycle (SDLC) Integration

The CRA introduces the principle of security-by-design, requiring manufacturers to adopt a Secure Development Life Cycle that includes vulnerability and incident management.

To prepare for the first CRA enforcement milestone (September 11, 2026), we support you in defining and implementing a Coordinated Vulnerability Disclosure (CVD) process - ensuring compliance from the very first step.

OUTPUT: SDLC Document + Coordinated Vulnerability Disclosure Process

Check out our ARIANNA Platform, the product security management platform designed by experts.

Learn more about the ARIANNA Platform

From hardware to software, the ARIANNA Platform constructs a precise inventory of your device’s components, ensuring comprehensive visibility across the entire device lifecycle. This detailed inventory enables proactive identification and tracking of known vulnerabilities, as well as their evaluation and prompt resolution.

With ARIANNA’s comprehensive approach, you can stay ahead of cybersecurity threats while fully complying with evolving regulatory standards.

ARIANNA’s approach to building Device Models (SBOM+HBOM) is unique. By relying on the build procedure, we reach the highest level of accuracy with no false positives. Automation through APIs makes maintaining the component inventory effortless after every update. In addition, by monitoring the hardware, you can be assured of choosing the most secure hardware for your products and keeping this layer secure throughout the entire life cycle.

Or check out our training
'European Regulation and its Application: RED DA and CRA'

 

Contact Us

Are you dealing with specific cybersecurity issues that are difficult to solve?

We can help.

Request a 30-minute free consultancy meeting.
