Cases
Docs
EA Viden
Blog

Docs Menu

Guide

Overview

Penalties

Product categories

Categories
Conformity assessment

Risk assessment

Introduction
Risk assessment primer
Threat modeling
Reassessment
Risk assessment standards

Standards

Harmonized standards
Existing standards

Lifecycle

Planning
Design
Development
Testing
Production
Deployment
- - When first put on the market
  - Before each release
Maintenance
End-of-life
Methodologies

Software supply chain

Containers

Technology
- Cgroups & namespaces
- Images
Harden containers
Runtime hardening
Further reading

Development Environment

Introduction
Custom virtual machine
Access tokens
CI/CD

Security Testing

Software Bill of Materials

CycloneDX vs SPDX
Generating SBOMs
Analyzing SBOM

Additional resources

Azure IoT Edge
MQTT
Matter / Thread

Guide

This site was created as output of a research project, looking into how SMEs can comply with Cyber Resilience Act.

This page describes our progress on producing this guide. You might want to skip to:

Roadmap

List of what parts have been completed and what is expected to come later.

Roadmap
Product categories
Risk assessment
Lifecycle
Vulnerability management
Technical documentation
Cybersecurity requirements
Software supply chain
- Containers
- Development environment
- Software Bill of Materials
- Security Testing

Methodology

Research synthesis

Extract, digest and combine information from other sources and augment with knowledge about security best practices in software development context.

Action research

The section "Software supply chain" is based on action research. Where we work with companies in-progress of becoming CRA compliant.

© 2026