Towards an Architecture for Managing Security Under the EU Cyber Resilience Act
摘要
The European Union’s (CRA) establishes a comprehensive regulatory framework designed to enhance the cybersecurity of digital products throughout their entire lifecycle. This paper presents a systematic analysis of the technical and organizational requirements imposed by the CRA, offering a structured overview of its provisions and requirements. From this analysis, we derive an architecture that supports a compliance-by-design approach, enabling the CRA obligations to be met from the early stages of product development. This work fills a gap in the literature by providing a generalizable technical perspective on CRA compliance, supporting developers and manufacturers with a clear list of security requirements and a set of architectural guidelines.