From Compliance to Confidence: How Our CRA Compliant Solutions Drive Your NIS2 Strategy

As the Cyber Resilience Act (CRA) establishes rigorous cybersecurity standards for products, we are committed to aligning our offerings with these new benchmarks. While we are in the process of achieving full CRA compliance, our current practices are already thoughtfully designed to support your NIS2 compliance efforts effectively.

Here’s how our CRA-aligned portfolio enhances your NIS2 compliance:

  • Secure Development Lifecycle (SDLC): Our SDLC processes are certified to the IEC 62443-4-1 standard, ensuring that our products are developed with the highest security standards across the entire product lifecycle. This certification, along with our practices like threat modeling and third-party validation, provides a robust foundation for your cybersecurity strategy, directly supporting your NIS2 compliance.
  • Effective Vulnerability Management: As a CNA (Common Vulnerabilities and Exposures Numbering Authority), we are deeply committed to supporting the CVE community through a long-term dedication to impartiality, expertise, and rigorous processes. Becoming a CNA involves undergoing a thorough validation of the CVE program and maintaining strict adherence to CNA rules and guidelines. Our Product Security Incident Response Team (PSIRT) utilizes this framework to identify, describe, and publish vulnerabilities effectively, helping secure your network and meet NIS2 compliance.
  • Proactive Threat Intelligence: We engage with white hat hackers and utilize their insights to enhance our products‘ security. This proactive approach ensures you stay ahead of emerging threats, supporting your efforts to meet NIS2 requirements.
  • SBOM Development in Progress: Although our public SBOM is in development, we already maintain a comprehensive internal list of software components and their versions. This transparency will soon help you secure your systems by managing and patching vulnerabilities more effectively, aligning with both CRA and NIS2 needs.
  • Streamlined Vulnerability Reporting: We are setting up processes to efficiently report vulnerabilities to ENISA, in accordance with CRA guidelines. This will support your compliance and response efforts under NIS2, ensuring timely and effective management of security issues.

Benefit from our CRA-aligned product solutions to enhance your NIS2 strategy. We are committed to helping you achieve and maintain robust cybersecurity and compliance in a rapidly evolving landscape.