Not sure whether the Cyber
Resilience Act affects your organisation? This quick check
helps you understand your possible role, affectedness, and next
steps.
Recommended next steps:
Build security into the product lifecycle
- Include cybersecurity in design, development, testing,
release, maintenance and end-of-support planning.
Document product risks before release -
Carry out a cybersecurity risk assessment and use it to
guide product design and security controls.
Secure the product by default - Remove
default passwords, close unused ports and services, enforce
access control, protect data and reduce the attack surface.
Maintain an SBOM (Software Bill of
Materials) - Track open-source and third-party
components and monitor them for known vulnerabilities.
Provide secure updates - Make security
updates available free of charge, distribute them securely
and separate them from feature updates where technically
feasible.
Prepare for CE marking - Complete the
right conformity assessment route, prepare the EU
declaration of conformity and keep the technical
documentation.
