Uncategorized
-
CRA SBOM Requirements: Complete Guide for Manufacturers, IoT Vendors and Software Teams
CRA SBOM requirements make component transparency a compliance obligation. Learn what your SBOM should include, which formats work (SPDX/CycloneDX), and how SBOMs support vulnerability handling before 2027.
-
CRA Scope Explained: What Products Are In and Out (Complete Guide)
A practical guide to understanding the scope of the Cyber Resilience Act (CRA). Learn which products are in scope, which are excluded, and how to determine whether your digital product must comply with the CRA.
-
CRA Risk Assessment: Requirements, Methodology & Templates
A complete, in-depth guide to CRA cybersecurity risk assessments. Learn how to meet Annex I, II and VII requirements, structure a compliant analysis, build threat models, document vulnerabilities, evaluate risks, map mitigations and prepare audit-ready technical documentation for Cyber Resilience Act conformity.
-
CRA Conformity Assessment: Internal Control vs Third-Party Assessment (Complete Guide)
Understand how CRA conformity assessment works under the Cyber Resilience Act, including the differences between Internal Control and Third-Party Assessment, when each pathway applies, and what manufacturers must prepare to achieve compliance.
-
CRA Update & Patch Management Requirements: Complete Guide for Manufacturers and Software Teams
CRA update and patch management requirements make secure updates and lifecycle support mandatory. Learn what the CRA expects for signed delivery, validation, rollback prevention, user communication and Annex II/VII evidence.
-
CRA Vulnerability Handling Requirements (Annex I – Section 2): Complete Guide for Manufacturers and IoT Vendors
CRA vulnerability handling requirements (Annex I, Section 2) define how you receive, triage, fix and disclose vulnerabilities. This guide converts the legal text into a practical workflow, records and timelines.
-
CRA Technical Documentation (Annex II & VII): Complete Guide for Manufacturers, Software Teams and IoT Vendors
CRA technical documentation is the evidence package regulators can request at any time. Learn what Annex II and Annex VII require, how to structure the technical file, and how to keep it updated across the lifecycle.
-
Cyber Resilience Act: Requirements, Scope, and How to Prepare Before 2027
An end-to-end Cyber Resilience Act overview: scope, roles, product classification, essential requirements, documentation and reporting. Includes practical steps to prepare for 2025–2027 enforcement.
-
Cyber Resilience Act Applicability: Does the CRA Apply to Your Product?
Not sure if the CRA applies to your product? This CRA applicability guide explains what counts as a product with digital elements, the main exclusions, and the scope edge cases most teams miss.
Download free CRA Checklist 2025
The definitive CRA checklist for assessing your organization’s readiness for the Cyber Resilience Act.
By submitting this form, you accept our Terms and acknowledge that Regulus will process your data to send the checklist. For more details, see our Privacy Policy.