User day

CRA are we ready? A structured analysis of industry readiness.


Dag Flachet



Codific
Co-founder

Abstract

The Cyber Resilience Act (CRA) has come into effect, introducing a transition period after which all products with digital components must comply with its regulations. Maturity models can help organizations evaluate their readiness for the CRA by mapping out key processes. This presentation uses OWASP SAMM to outline the processes required for CRA compliance and compares this “CRA-ready” framework with current industry benchmarks. The findings reveal that the industry is not yet prepared for the CRA. Many companies will need to improve critical security activities, such as Architecture Assessment and Requirement-Driven Testing, to meet the legislation’s requirements. The CRA-ready framework developed in this research can help organizations assess their readiness, identify gaps, lower compliance costs, and minimize the risk of non-compliance.

Speaker bio

Dag is the co-founder of Codific. He has a doctorate in business administration with a focus on organizational psychology. He is a professor and board member of the Geneva Business School. A serial entrepreneur who started his career fighting malware in the early 2000s, he is now focussed on OWASP SAMM and European cybersecurity regulations.