Igor Smith
-
CRA Scope Explained: What Products Are In and Out (Complete Guide)
A practical guide to understanding the scope of the Cyber Resilience Act (CRA). Learn which products are in scope, which are excluded, and how to determine whether your digital product must comply with the CRA.
-
CRA Risk Assessment: Requirements, Methodology & Templates
A complete, in-depth guide to CRA cybersecurity risk assessments. Learn how to meet Annex I, II and VII requirements, structure a compliant analysis, build threat models, document vulnerabilities, evaluate risks, map mitigations and prepare audit-ready technical documentation for Cyber Resilience Act conformity.
-
CRA Conformity Assessment: Internal Control vs Third-Party Assessment (Complete Guide)
Understand how CRA conformity assessment works under the Cyber Resilience Act, including the differences between Internal Control and Third-Party Assessment, when each pathway applies, and what manufacturers must prepare to achieve compliance.
-
CRA Update & Patch Management Requirements: Complete Guide for Manufacturers and Software Teams
The Cyber Resilience Act (CRA) establishes strict and detailed update and patch management requirements for all Products with Digital Elements (PDEs). These obligations ensure that products remain secure throughout their lifecycle, even after they are placed on the EU market. This guide explains the complete set of update requirements introduced by the CRA, including secure…
-
CRA Vulnerability Handling Requirements (Annex I – Section 2): Complete Guide for Manufacturers and IoT Vendors
The Cyber Resilience Act (CRA) introduces stringent vulnerability handling obligations for all Products with Digital Elements (PDEs). Under Annex I Section 2, manufacturers must implement continuous processes for identifying, assessing, mitigating and reporting vulnerabilities throughout the entire lifecycle of their product. This guide provides a detailed technical interpretation of every vulnerability handling requirement under the…
-
CRA Technical Documentation (Annex II & VII): Complete Guide for Manufacturers, Software Teams and IoT Vendors
The Cyber Resilience Act (CRA) introduces a unified set of cybersecurity requirements that apply to all Products with Digital Elements (PDE) placed on the EU market. One of the most demanding obligations for manufacturers, software teams and IoT vendors is the creation and continuous maintenance of Technical Documentation. This guide explains in detail what the…
-
Cyber Resilience Act: Requirements, Scope, and How to Prepare Before 2027
The Cyber Resilience Act (CRA) is one of the most impactful EU cybersecurity regulations ever introduced. It establishes mandatory security requirements for all products with digital elements—software, firmware, connected hardware, IoT devices, and embedded systems—throughout their entire lifecycle. The CRA will reshape how digital products are designed, developed, tested, documented, supported, updated, and monitored. With…
-
Cyber Resilience Act Applicability: Does the CRA Apply to Your Product?
The Cyber Resilience Act (CRA) introduces mandatory cybersecurity requirements for products with digital elements placed on the EU market. One of the most important questions companies face in 2025–2027 is: does the CRA apply to our product? This guide provides a deep, expert-level analysis of CRA applicability, including how “products with digital elements” are defined,…
