Achieve CRA Compliance with Witekio

We offer everything you need to be and stay
Cybersecurity Resilience Act compliant

Why choose Witekio
Secure by Design Product Development
Efficient and Reliable OTA Updates
Over 21 years of embedded experience
Long-Term Maintenance and Support
We're trusted by some of the worlds leading brands:

Logo block

Our success stories

Understanding the Cyber Resilience Act (CRA)

The Cyber Resilience Act (CRA) is a pivotal regulation designed to bolster the security of connected devices across Europe. It mandates that manufacturers adhere to stringent cybersecurity standards, ensuring their products are resilient against evolving cyber threats.

CRA compliance is crucial for device makers, extending beyond mere regulatory adherence. Non-compliance can result in severe penalties, including fines reaching up to €15 million or 2.5% of your global annual revenue, whichever is higher, as well as market access restrictions.

On a more positive note, CRA compliance can also help enhance your brand’s reputation by demonstrating a commitment to robust cybersecurity practices. This assurance fosters customer trust and loyalty, knowing their data and devices are secure.

 

Key Takeaways of the CRA for Device Makers:

Our experts have studied the documents, so you don’t have to:

  • Secure by Design Manufacturing: Ensuring cybersecurity is integrated at all stages of the product lifecycle.
  • Document Cybersecurity Risks: Conduct mandatory risk assessments, document all CVEs, and provide clear guides for connected products.
  • Report Security Incidents: Report vulnerabilities and cybersecurity incidents within the alloted deadlines (e.g., 24 hours to notify ENISA).

 

  • Manage CVEs and Updates: Handle exploits and provide security updates throughout the product’s entire lifecycle.

 

  • Product Classification: Compliance responsibilities vary by product class (Unclassified, Class I, Class II), with higher-risk products requiring third-party assessments
Get CRA compliant now

HOW WITEKIO CAN HELP YOU

Security Workshops to Enhance Product Safety

Our device security workshops are tailored to improve the security of your IoT products. These workshops focus on:

  • Identifying Security Threats: Pinpoint potential vulnerabilities in your device.
  • Vulnerability Analysis: Develop detailed documents outlining potential security risks.
  • Creating Custom Attack Trees: Build strategies to defend against specific threats.
  • Depending on your needs: Security target (including security objectives for the product and its operational environment), security documentation, ETSI EN 303-645 ICS…
  • and more

Through these practical, hands-on sessions, your team will learn what robust security measures your product needs to remain secure and compliant with CRA standards and build the first iteration of your product’s long-term security risk assessment.

Reliable OTA Updates

Over-The-Air (OTA) updates are essential for maintaining the security and compliance of connected devices. Witekio’s OTA integration service ensures your devices receive timely, secure updates without disrupting the user experience. Our OTA support include:

  • Secure Update Delivery: Ensuring updates are transmitted securely to prevent tampering using a “secure by design” approach.
  • Scalability: Designed to scale seamlessly, accommodating your expanding network of devices.
  • Tool-Agnostic Solutions: Selecting the best OTA tools (e.g., Mender, SWUpdate) based on your specific needs.
  • Continuous Monitoring: Keeping your devices updated with the latest security patches and improvements.

Long-Term Maintenance

Achieving CRA compliance is an ongoing process that requires continuous maintenance and support. Luckily our long-term Linux maintenance services ensure your products remain secure and compliant throughout their lifecycle. Enjoy:

  • Instant vulnerability alerts ​
  • Urgent fix process (including backporting) ​
  • Daily monitoring and impact analysis​
  • Monthly CVE reports​ with The Embedded Kit
  • Quarterly Linux maintenance release​
  • Yearly major LTS update

With Witekio’s long-term maintenance plans, you can ensure your products remain compliant and secure, minimizing unexpected costs and maximizing device performance and security.

Our Expertise in action

The CRA and Yocto based-devices Talk 

The CRA and Device Makers Blog

Cyber Resilience & Connectivity Article

Contact us