Decoding Cybersecurity: EN 18031 vs. the EU Cyber Resilience Act
The world of connected devices is booming, and the critical need for robust cybersecurity comes with it. Two key players in this arena are EN 18031 (Radio Equipment Directive (RED)) and the EU Cyber Resilience Act (CRA). While both aim to improve the security of our digital lives, they approach the challenge from different angles. Let's break down the key differences and explore how they relate.
Security statements for machine-readable cybersecurity posture
A security statement is a machine-readable description of a system’s security characteristics, such as network nodes (devices, gateways, applications and servers), network interfaces (ports and services), connections between the network nodes and services, web interfaces, authentication methods, SBOMs, data encryption at rest (and in transit), and so on.
Once those have been defined, one can test and verify them.
IoT cybersecurity requirements: Same but different
There are numerous security requirement specifications across various industries and regions (US, EU, UK, SGP for example). Vendors need to comply with many of them simultaneously to maximise their market potential.
But how much do the security standards differ from each other?
EU Cyber Resilience Act (CRA): Vulnerability handling requirements
Tackling vulnerabilities is at the top of the CRA’s priority list. Device manufacturers and developers will need to offer customers support for the expected product lifetime or five years, whichever is shorter. During that period manufacturers are obliged to address and correct security flaws promptly.
EU Cyber Resilience Act (CRA): Essential Cybersecurity Requirements
In this post, we focus on the EU Cyber Resilience Act’s essential security requirements.
The European Union (EU) Cyber Resilience Act (CRA) Decomposed: SCOPE
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. The CRA will enter into force on December 10th, 2024.
Ecosystem of security tools at your service
Open source tools can be used in IoT security assessment to verify the attack surface, security controls, and other security-related features.
Cyber Security Nordic 2024: Key Takeaways
Key Takeaways from Cyber Security Nordic 2024 conference
Tool-Driven Security Assessment (TDSA)
Tool-Driven Security Assessment (TDSA) and provides some hard science on its applicability for IoT security
Do not just patch vulnerabilities - use the defender's advantage
Cyber Resilience Act obligations for IoT manufacturers, importers, and distributors