Turn regulatory requirements into engineering reality
Comply with confidence
Clause-by-clause mappings for CRA, NIS 2, RED, and IEC 62443. Evidence-ready templates and gap-analysis checklists.
Implement securely
Practical guides for secure boot, threat modeling, SBOM/VEX workflows, and hardening OTA update pipelines.
Operate resiliently
Vulnerability disclosure templates, CI/CD hardening playbooks, and security logging and monitoring guides.
Choose your next step
Start with the task closest to the decision you need to make.
Understand obligations
Get the short version of what the Cyber Resilience Act means for connected products.
Assess readiness
Check product scope, secure-by-design controls, technical documentation, and evidence gaps.
Implement controls
Move from obligations into practical guidance for secure boot, updates, identity, SBOMs, and hardening.
Assemble evidence
Organise the records that show how security decisions were made, tested, released, and maintained.
Get started by role
Choose your path based on your primary responsibilities
Product Owner
Understand your obligations and plan for compliance.
Compliance Lead
Start with regulatory gap analysis.
Firmware Engineer
Jump into secure implementation.
Open source & community-driven
This handbook is developed in the open with contributions from security practitioners, compliance experts, and engineers building connected devices worldwide.
Stay updated
Cyber-resilience regulations are evolving rapidly. Get notified when we publish new implementation guides and regulatory updates.
Latest News