CRA
Cyber Resilience Act (EU Reg. 2024/2847)
EU regulation that imposes cybersecurity requirements on manufacturers, importers and distributors of products with digital elements placed on the European market. Full effect from 11/12/2027. Directly applies to OEMs, system integrators and OT/IoT component vendors.
- 01Security by design across the full product lifecycle
- 02Vulnerability handling and coordinated disclosure
- 03Software component management, including SBOM
- 04Notification of actively exploited vulnerabilities within 24h
- 05Security updates throughout the declared support period
For industrial asset owners, MON5 provides visibility on CRA-relevant products installed on plant: firmware, versions, known vulnerabilities, network exposure. It lets you verify that suppliers honour their vulnerability handling obligations and manage the software/firmware inventory required by supply chain requirements.
- →Firmware and version inventory for OT/IoT devices
- →CVE correlation on installed components
- →EPSS scoring to prioritise patching
- →Evidence on network exposure of CRA-relevant products
- →Audit trail to verify supplier responsiveness
Let's figure out what you really need.
Show us the OT perimeter and the regulations you need to cover: we will tell you what MON5 documents directly, where complementary work is needed, and which tier to start from - no hard selling.