EU Cyber Resilience Act (English).
- Seminar
- Präsenz / Virtual Classroom
- Zurzeit keine Termine
- 16 Unterrichtseinheiten
- Teilnahmebescheinigung
Requirements of the CRA for Product Manufacturers
The EU Cyber Resilience Act (CRA) is an EU regulation and applies to products with digital elements placed on the European market. The CRA imposes binding requirements for products intended for consumer use and those integrated into industrial and critical infrastructure.
Key objective of this regulation is to achieve product security throughout the entire product life cycle, including design and development practices and security updates. Furthermore, it defines clear responsibilities for the manufacturers, importers and distributors.
Manufacturers will have to undergo Conformity Assessment Procedures for certain products to demonstrate conformity. Also, importers and distributors have to demonstrate that products they put on the market meet the requirements of the CRA. In the event of non-compliance, the products may not be placed on the market and economic operators also face considerable fines.
Nutzen
- This seminar will provide participants with necessary and deep knowledge on how to successfully implement the requirements of the CRA and thus improve Cybersecurity in their organisation.
- Details, timelines and practical approaches will be explained by our experienced TÜV Rheinland experts/trainers so participants can transform this knowledge into their daily work life
Zielgruppe
Manufacturers of products with digital elements, importers, distributors, software providers.
Anforderungen
No special knowledge is required.
Inhalte
CRA Intro & Scope of application
- EU Cybersecurity Strategy
- CE Marking concept / new approach rules
- CRA scope
- Products out of scope
- Application timeline and transitional provisions
- Application examples
- Legacy products placing on the market
- Product Replacement / Spare Parts
- Relations with other EU Regulations for products (MD, RED, etc.)
Conformity Assessment Procedures
- Requirements for products with digital elements
- Product Categories
- Product Classification
- Conformity Assessment Procedures
- Conformity with the requirements
- EU Declaration of Conformity & CE Marking
- Market Surveillance and Enforcement
Roles and Obligation
- Obligations of manufacturers
- Importer and distributors obligations
- Authorized Representative
- Penalties
Secure Design
- Threat model
- Product Secure Development lifecycle
- Security Requirement Specifications
- Typical Security Requirements
- Threat examples
- Software Architecture Design and models
- Data resources
- Secure Coding
Technical Requirements
- Mechanisms to reach and demonstrate conformity
- Examples of possible issues caused by nonconformity
Vulnerability Handling Requirements
- Ensuring Security from Market Entry to End-of-Life
- Identification and Documentation of Vulnerabilities
- Software Bill of Materials (SBOM)
- Incident Reporting
- Lifecycle Support
- Risk Assessments and documentation
- Security Testing
- Public Disclosure of Fixed Vulnerabilities
Referenced Standards for CRA
- Harmonized Standards and status of standardization IEC 62443
- ETSI EN 303 645
- ISO 2700x
- IEC 30111
- IEC 29147
Open Source
- Open-source software risk and management
- Obligations of open-source software stewards
- Security attestation of free and open-source software
Technical and User Documentation
- Instructions to the user
- Technical Documentation
CRA Compliance
- CRA requirements implementation guidance
- Recommendations
