24 docs tagged with "cra"

Audit Evidence Pack Template

An Audit Evidence Pack is a structured collection of documents, records, and technical artefacts that demonstrates your product's compliance with a given regulation. For the Cyber-Resilience Act (CRA), this pack constitutes the technical documentation that manufacturers are legally required to maintain and provide to market surveillance authorities upon request (CRA Art. 31).

CRA 5-Minute Primer

The EU Cyber-Resilience Act (CRA) is a landmark law that makes cybersecurity a mandatory, legal requirement for all "products with digital elements" sold in the European Union. For the first time, secure-by-design principles are moving from best practice to a legal obligation, enforced through CE marking.

CRA Gap Analysis Checklist

A Gap Analysis is a critical first step in your journey to compliance with the Cyber-Resilience Act (CRA). It helps you identify the differences ("gaps") between your current security practices and the legal requirements of the regulation.

First-Sprint Checklist

Getting started with a large compliance framework like the Cyber-Resilience Act (CRA) can be daunting. This checklist is designed to be a practical, actionable guide for development teams and product managers. It breaks down the initial work into concrete tasks that can be planned into your first few agile sprints.

Glossary of Terms

This glossary defines key terms, acronyms, and concepts used throughout the Secure-by-Design Handbook.

Policy Templates

This section provides ready-to-use templates for common cybersecurity policies required by regulations like the Cyber-Resilience Act (CRA). These are starting points designed to be adapted to your organization's specific needs.

Secure-by-Design Maturity Model

A maturity model is a tool that helps an organization measure the effectiveness and completeness of its practices against a defined standard. This Secure-by-Design (SbD) maturity model is designed to help you assess your product security capabilities, identify gaps, and build a roadmap for continuous improvement.

What is Secure-by-Design?

Secure-by-Design (SbD) is a foundational shift in product development. It mandates that security is a core business requirement, integrated from the very first stages of design and maintained throughout the entire product lifecycle. It is not a technical feature to be added on later.