Resources
Resources are the practical support layer for product teams turning secure-by-design guidance into readiness checks, evidence packs, reusable examples, hardware choices, and lessons from real vulnerabilities.
Use this section when you need to assess CRA readiness, assemble evidence, reuse example documents, choose secure hardware, understand cryptography expectations, or learn from real product failures.
For legal and regulatory context, use Standards. For engineering guidance, use Implementation. For product and tooling categories, use Tools.
If you are not sure where to begin, choose the task closest to the decision you are trying to make.
Choose Your Task
| If you need to... | Start with | Also useful |
|---|---|---|
| Assess CRA readiness | CRA Gap Analysis | Maturity Model |
| Assemble evidence | Secure-by-Design Evidence Pack | Policy Templates |
| Reuse example threat models | Low-Stakes BLE Sensor | Continuous Glucose Monitor, Smart Thermostat |
| Select secure hardware | Types of Embedded Device | STM32 Selection, ESP32 Selection |
| Understand cryptography under the CRA | Cryptography under the CRA | Key Provisioning & Storage, Secure Boot |
| Learn from real vulnerabilities | Real-World Vulnerability Lessons | Contec Patient Monitor, Baxter Connex shared key |
| Understand key concepts | Glossary | Types of Embedded Device |
What Each Resource Group Is For
Assess Readiness
Use the CRA Gap Analysis to identify gaps between current practice and CRA expectations. Use the Secure-by-Design Maturity Model to judge how repeatable your product-security practices are.
Assemble Evidence
Use the Secure-by-Design Evidence Pack to organise technical documentation, test evidence, vulnerability records, and post-market records. Use Policy Templates as starter material for public and internal policies.
Reuse Examples
Use the example threat models when you need a concrete starting point rather than a blank page:
- Low-Stakes BLE Sensor for proportionality in simple products.
- Continuous Glucose Monitor for a safety-relevant connected medical example.
- Smart Thermostat for a common connected consumer product.
Choose Secure Hardware
Use Types of Embedded Device to understand how MCU, MPU, SoC, and hybrid architectures affect security choices. Use the STM32 and ESP32 guides as hardware-selection examples, not as proof that a part or module makes a product compliant by itself.
Understand Cryptography Expectations
Use Cryptography under the CRA when cryptography affects product architecture, update mechanisms, key management, communication security, or technical documentation.
Cryptography guidance can date quickly. Check source dates, draft status, and the exact standard or regulation being referenced before relying on it for a product decision.
Learn From Real Failures
Use the Real-World Vulnerability Lessons hub to choose case studies by failure pattern, control area, and evidence lesson. Start with Baxter LIFE2000, Contec Patient Monitor, or Baxter Connex shared key.
Reference and Background
Use Glossary for shared terminology and Types of Embedded Device for architectural context.
How This Fits the Handbook
- Standards explain the requirements and regulatory context.
- Implementation explains how to build and operate secure controls.
- Tools lists product and tooling categories that may help.
- Resources provides checklists, templates, examples, case studies, hardware-selection guidance, and reference material.