All standards through which the Cyber Resilience Act (CRA) is implemented (IEC 62443 et al.) presuppose a risk analysis, from which the required security-by-design approach and the security requirements can ultimately be derived. Our security engineers support you with the analysis at system level and with implementation planning at operating system level, including lifecycle management. This gives you a defined basis on which to plan and drive forward the implementation of the CRA for your embedded Linux-based products.
Flexible formats for individual needs
We offer a range of formats that can be combined with one another as required:
■ Initial Risk Analysis Workshop – an efficient, product-specific entry into the topic of the CRA
In a one- to two-day workshop with you, prepared in an approximately two-hour video call, we determine together which steps are required for implementation – and which may not be. The goal is an adequate approach for meeting the requirements of the CRA as efficiently as possible.
■ Extended Risk Analysis Workshop
Beyond the Initial Risk Analysis Workshop, this package also includes a quota of support days – both to prepare the workshop more thoroughly and to work up the results together with you.
■ Risk Assessments
We are also happy to support you with risk analysis at system level in order to establish a close link to the product and its application context from the outset – in contrast to purely model-based approaches. Our security experts and engineers are available for this.
■ You have already carried out a risk assessment: workshop for implementation at the embedded Linux operating system level
Together with you, we derive the requirements for the embedded Linux operating system level from the risk analysis. This involves planning, for example, secure/trusted boot mechanisms, secure update concepts, key management, IP protection and lifecycle maintenance. The workshop lasts one to two days and can be supplemented with support packages.
■ Risk Analysis for legacy products
We offer the same risk analysis – with or without support packages – for embedded Linux-based products already on the market. In every case, the goal of the workshop is an approach for extending and documenting an existing product in a CRA-compliant manner.
Your benefits at a glance
■ Efficient entry into the CRA topic
The initial risk workshop gives you a good overview of the implementation steps specific to your product.
■ Specific planning of measures
Not every product needs to implement all potentially required measures. We help you plan efficiently and effectively.
■ A mix of competencies – technical and formal
By combining the expertise of our embedded Linux specialists with that of our security engineers, both technical and formal aspects are covered in the workshop.
■ Reuse of the results
The results of the initial risk analysis can be used directly in a formal risk analysis – with or without us.
■ Scalability
With additional support packages, you can extend the workshop offerings as you wish.
■ Implementation expertise
We are happy to support you with the complete implementation of the defined measures at firmware, bootloader, kernel and userland level, as well as with security-relevant applications and integration into a backend. We likewise accompany you through the certification process for the embedded Linux system.
Schedule a workshopFeel free to call us or send us an email. During our initial discussion, we’ll work with you to determine which approach is most efficient for you. Your contactOur experts from the emlix Solutions team |