SEC10Cyber Resilience Act (CRA) Compliance for Embedded Systems
|
Objectives
|
- Embedded Systems Engineers building products with digital elements
- Firmware Architects designing systems for compliance
- Product Managers overseeing compliance and communicating
- Manufacturing & Supply Chain teams responsible for product security at all stages
- Basic Knowledge of Embedded Systems
- LIVE ONLINE
- Interactive virtual classroom with remote lab access, digital materials, same expertise as classroom format, available for distributed teams
- ON-SITE/PRIVATE (Your Facility)
- Customized to your products, your schedule, your team. Can be tailored to your specific industry or product type.
- Theoretical course
- PDF course material (in English) supplemented by a printed version for face-to-face courses.
- Online courses are dispensed using the Teams video-conferencing system.
- The trainer answers trainees' questions during the training and provide technical and pedagogical assistance.
- At the start of each session the trainer will interact with the trainees to ensure the course fits their expectations and correct if needed
- The prerequisites indicated above are assessed before the training by the technical supervision of the traineein his company, or by the trainee himself in the exceptional case of an individual trainee.
- Trainee progress is assessed by quizzes offered at the end of various sections to verify that the trainees have assimilated the points presented
- At the end of the training, each trainee receives a certificate attesting that they have successfully completed the course.
- In the event of a problem, discovered during the course, due to a lack of prerequisites by the trainee a different or additional training is offered to them, generally to reinforce their prerequisites,in agreement with their company manager if applicable.
Course Outline
- Why CRA Matters Now
- CRA Scope & Applicability - Product classification
- CRA vs. Related EU Regulations
- CRA Timeline & Entry Into Force
- Secure Design & Development
- Threat modeling
- Design principles
- Vulnerability Management
- Lifecycle approach (discover -> assess -> remediate -> deploy)
- Transparency & User Information
- Required disclosures
- Communication channels
- Handling Substantial Modifications
- Decision matrix approach
- CRA Classification: Important vs. Critical
- CE Marking & Conformity Assessment
- self-cert vs. notified body
- Technical Docs.
- Case study: Applying conformity assessments to embedded systems
- Industrial IoT gateway example
- Step-by-step walkthrough
- Assessment Pathway Selection Activity
- Manufacturer Obligations
- Pre-market, post-market, end-of-life phases
- Support period expectations
- clear responsibility mapping
- Supply Chain Security
- Due diligence requirements
- Open source considerations
- Risk assessment matrix
- Risk assessment & Due diligence
- 6-step framework
- CVSS scoring explained
- Security Solutions
- Secure boot architecture
- Hardware security options (TPMs, Secure Elements)
- RTOS & OS Security Features
- Comparison table (Zephyr, Linux, FreeRTOS)
- CRA readiness scores
- Compliance Tools and Frameworks
- Vulnerability scanning tools (e.g., CVE checkers)
- Compliance management platforms
- Security testing frameworks
More
To book a training session or for more information, please contact us on info@ac6-training.com.
Registrations are accepted till one week before the start date for scheduled classes. For late registrations, please consult us.
You can also fill and send us the registration form
This course can be provided either remotely, in our Paris training center or worldwide on your premises.
Scheduled classes are confirmed as soon as there is two confirmed bookings. Bookings are accepted until 1 week before the course start.
Last update of course schedule: 24 January 2025
Booking one of our trainings is subject to our General Terms of Sales