What CRA Means for You

The Cyber Resilience Act (CRA) is a new EU regulation that works to improve cybersecurity by establishing standards for products with digital elements sold within the European Union. This includes both software and hardware, everything from smart home devices to operating systems. Proposed by the European Commission in 2022, it is expected to come into effect gradually between 2025 and 2027.

CRA requires that manufacturers:

  • Design products with cybersecurity in mind, ensuring security throughout the entire lifecycle

  • Provide free security updates, including automatic updates, to address vulnerabilities

  • Publicly disclose vulnerabilities and report to authorities if a vulnerability is exploited

  • Report incidents and actively exploited vulnerabilities

This shifts responsibility for cybersecurity onto the manufacturers, who are required to ensure resilience throughout the entire lifecycle of their products, from design to deployment. 

What does bifrost have to do with this? 

bifrost helps companies meet CRA requirements:

  • It tailors security profiles for each workload by learning its normal behavior at runtime, ensuring continuous protection throughout the product’s lifecycle. Simply put, bifrost ensures the application does what it should, and nothing else. 

  • Once set up, bifrost integrates into the CI/CD pipelines and automatically adjusts the security profile with each new build or update, making it easier to release software updates to end customers. 

  • Need to report a vulnerability or incident? bifrost detects abnormal behavior in real time and provides the insight needed to document and report issues, keeping you compliant, transparent, and protected.


Compliance doesn’t have to be complex. Let bifrost handle it.

Discover how bifrost can help your organisation: Schedule a short demo
