Sign up to save your podcasts
Or
Share CRA Week: Step 4 Maintaining Conformity Across the Product Lifecycle
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CRA Week: Step 4 Maintaining Conformity Across the Product Lifecycle
CRA Week Ep. 4: Maintaining CRA Conformity Across the Product Lifecycle
In the fourth and final episode of CRA Week, hosts Kyle and Bridgette wrap the series up with 3 CRA experts Asim Zaidi, Julien Delplancke, and Louis Rodriguez.
Asim explains why CRA compliance continues long after a product ships and highlights key underestimated challenges. (Architecture drift, maintaining secure configurations, Crypto agility, Documentation (including SBOMs).
Julien describes manufacturing-stage security needs and how EdgeLock 2Go centralizes secure credential provisioning, supports secure over-the-air updates, and enables credential renewal and crypto agility for devices in the field.
Louis outlines the role of a PSIRT, and reviews core lifecycle vulnerability processes including intake, triage and impact assessment, remediation, coordinated communications, multi-vendor coordination, and notification obligations.
Episode Resources:
- NXP CRA web page: EU Cyber Resilience Act (CRA)
- NXP PQC web page:Post-Quantum Cryptography
- EdgeLock 2GO | IOT Service Platform for Secure Deployment and Management
- NXP PSIRT: Product Security Vulnerability
- Security Certification: Security Certification
00:00 Welcome to CRA Week Finale
01:39 Why Lifecycle Matters
01:58 Hidden Long Term Challenges
05:00 Future Proof Architecture
06:41 SBOM and Crypto Agility
08:16 Manufacturing Security Basics
09:51 EdgeLock 2Go for Updates
11:50 PSIRT and Governance
15:14 Vulnerability Management Processes
16:49 CRA Week Recap and Closing
View all episodes
By Bridgette & KyleCRA Week Ep. 4: Maintaining CRA Conformity Across the Product Lifecycle
In the fourth and final episode of CRA Week, hosts Kyle and Bridgette wrap the series up with 3 CRA experts Asim Zaidi, Julien Delplancke, and Louis Rodriguez.
Asim explains why CRA compliance continues long after a product ships and highlights key underestimated challenges. (Architecture drift, maintaining secure configurations, Crypto agility, Documentation (including SBOMs).
Julien describes manufacturing-stage security needs and how EdgeLock 2Go centralizes secure credential provisioning, supports secure over-the-air updates, and enables credential renewal and crypto agility for devices in the field.
Louis outlines the role of a PSIRT, and reviews core lifecycle vulnerability processes including intake, triage and impact assessment, remediation, coordinated communications, multi-vendor coordination, and notification obligations.
Episode Resources:
- NXP CRA web page: EU Cyber Resilience Act (CRA)
- NXP PQC web page:Post-Quantum Cryptography
- EdgeLock 2GO | IOT Service Platform for Secure Deployment and Management
- NXP PSIRT: Product Security Vulnerability
- Security Certification: Security Certification
00:00 Welcome to CRA Week Finale
01:39 Why Lifecycle Matters
01:58 Hidden Long Term Challenges
05:00 Future Proof Architecture
06:41 SBOM and Crypto Agility
08:16 Manufacturing Security Basics
09:51 EdgeLock 2Go for Updates
11:50 PSIRT and Governance
15:14 Vulnerability Management Processes
16:49 CRA Week Recap and Closing