Cyber Resilience Act (CRA)

From research to practice: implementation aids for the EU Cyber Resilience Act

ATHENE supports companies by providing white papers on risk management and technical implementation recommendations, as well as advice on the legal aspects of the CRA. At specialist events, ATHENE experts offer advice on risk management, software bills of materials (SBOMs), security and vulnerability testing, vulnerability management, CE marking and reporting obligations. ATHENE's CRA activities aim not only to ensure compliance, but also to leverage the implementation to achieve additional goals within and beyond cybersecurity. New regulations such as the CRA can create new markets and business opportunities if companies develop innovative solutions to meet the new requirements.


ATHENE projects and contributions from its "Cyber Resilience Act (CRA)" think tank

White paper CRA: Risk Management

This white paper explains how the CRA's risk management requirements differ from traditional organisational cybersecurity standards, and offers practical advice on integrating these requirements into SecDevOps processes. It is intended for manufacturers of products with digital elements.

Download (in German)


White paper CRA: Recommendations for Implementing Technical Requirements

This white paper is intended for manufacturers and retailers of networked products, offering specific recommendations for CRA-compliant process design. Topics covered include how to deal with vulnerabilities, how to create software bills of materials (SBOMs) automatically, and how to integrate security tests into the development process. 

Download (in German)


White paper: The EU Cyber Resilience Act: An Overview from a Legal Perspective

This white paper provides a compact overview of the key provisions of the EU Cyber Resilience Act.

Download (in German)

Download the short summary of the white paper (in German)


Lunch Lectures on the CRA

In our short, free online presentations, our experts will inform you about the specific effects of the Cyber Resilience Act and offer practical recommendations.



We provide legal, organisational and technical support for implementing the CRA.

Our experts at Fraunhofer SIT can provide support in the following areas, which are changing as a result of the CRA:

  • Vulnerability management and coordinated vulnerability disclosure: Manufacturers must establish a reporting process for vulnerabilities in their own products.
  • Software Bill of Materials (SBOM): Software manufacturers must list the components used, as well as those to which dependencies exist.
  • Security tests: The CRA requires manufacturers to test their products for security issues. The right tests must be carried out, taking into account the intended use and associated risks.
  • Secure updates: Manufacturers must close security gaps, and update management must include technical and organisational precautions that meet the respective sector and compliance requirements.
  • Legal: We provide legal training and support with gap analysis and holistic risk management.