Skip to main content

Secure-by-Design Handbook

Authoritative standards breakdowns and practical playbooks for building cyber-resilient connected devices

Turn regulatory requirements into engineering reality

πŸ“‹

Comply with confidence

Clause-by-clause mappings for CRA, NIS 2, RED, and IEC 62443. Evidence-ready templates and gap-analysis checklists.

πŸ”§

Implement securely

Practical guides for secure boot, threat modeling, SBOM/VEX workflows, and hardening OTA update pipelines.

πŸ›‘οΈ

Operate resiliently

Vulnerability disclosure templates, CI/CD hardening playbooks, and security logging and monitoring guides.

Choose your next step

Start with the task closest to the decision you need to make.

Understand obligations

Get the short version of what the Cyber Resilience Act means for connected products.

Assess readiness

Check product scope, secure-by-design controls, technical documentation, and evidence gaps.

Implement controls

Move from obligations into practical guidance for secure boot, updates, identity, SBOMs, and hardening.

Assemble evidence

Organise the records that show how security decisions were made, tested, released, and maintained.

Get started by role

Choose your path based on your primary responsibilities

πŸ—ΊοΈ

Product Owner

Understand your obligations and plan for compliance.

βš–οΈ

Compliance Lead

Start with regulatory gap analysis.

βš™οΈ

Firmware Engineer

Jump into secure implementation.

Open source & community-driven

This handbook is developed in the open with contributions from security practitioners, compliance experts, and engineers building connected devices worldwide.

Stay updated

Cyber-resilience regulations are evolving rapidly. Get notified when we publish new implementation guides and regulatory updates.

Latest News