


CRA Week Day 3: Proving Compliance—Your "Recipe" for EU Cyber Resilience Act Conformance
On Day 3 of CRA Week on the EdgeVerse Techcast, hosts Kyle Dando and Bridgette Stone are joined by NXP expert Carlos Serratos to explain how manufacturers can prove compliance with the EU Cyber Resilience Act (CRA). Carlos connects Risk Assessment and Security by Design to the need to demonstrate cybersecurity conformance.
Using a baking analogy, he outlines key CRA compliance "ingredients":
He then details a step-by-step process to "bake the ingredients": perform risk analysis and select mitigations/components, analyze conformance against CRA essential requirements, verify conformance per applicable standards and product class, collect evidence and draft the declaration, ensure support period and vulnerability management are reflected in the risk assessment and user guidance, apply the CE mark, and retain documentation for 10 years after market placement!
Episode resources:
00:00 Day 3 Proving Compliance
01:25 Why Compliance Matters
02:52 Risk Assessment Drives Decisions
03:31 Security by Design Lifecycle
03:55 CRA Cake Ingredients
05:46 Step by Step Conformance
07:24 Not Legal Advice Start Now
08:05 NXP Tools and Resources
09:08 Wrap Up and Next Episode
By Bridgette & Kyle