Regulations in IoT
These guides help Original Equipment Manufacturers (OEMs) and Operators comply with regulations:
- EU Cyber Resilience Act (CRA): Security and Compliance Across the Product Lifecycle — Read an engineering-focused summary of the EU Cyber Resilience Act (CRA), highlighting the core obligations, risk classifications, scope of impact, and implementation timelines.
- Implement Secure Boot for CRA — Explore how secure boot fits into CRA compliance and how cryptographic controls, particularly those enabled by Public Key Infrastructure (PKI) and digital signing, support manufacturers in fulfilling the CRA obligations.
- Implement Secure Firmware updates for CRA — Explore how secure firmware updates fit into CRA compliance and how cryptographic controls, particularly those enabled by Public Key Infrastructure (PKI) and digital signing, support manufacturers in fulfilling the CRA obligations.
- Implement Initial Device Identities for CRA — Establish strong, hardware-bound identities with Initial Device Certificates (IDevIDs) based on IEEE 802.1AR, enabling secure boot, authenticated communication, and verifiable audit trails, while supporting CRA compliance and scalable, automated provisioning across the supply chain.
- Implement Operational Certificates for CRA — Enable runtime device trust with operational certificates issued after strong device identity verification. They support secure communications, access control, and system integrity checks—helping manufacturers and operators meet CRA obligations while providing a scalable, proven mechanism for ongoing compliance.
- Implement SSH Certificates for CRA — Replace unmanaged SSH keys with certificate-based access, enforce security policies, and enable auditability and CRA compliance.