CRACoWi is an innovative project aimed at assisting businesses comply with the European Union’s Cyber Resilience Act (CRA). The project focuses on developing a tool that streamlines compliance assessments, generates required documentation, and offers support for cybersecurity certification. CRACoWi simplifies the process of meeting CRA requirements while strengthening the security of products. By enhancing compliance efficiency, it helps to promote trust and security in the European digital market.

The project’s main objectives are as follows:

• Enhance awareness of cybersecurity and compliance: Develop and execute awareness raising campaigns about cybersecurity and compliance, including the organisation of seminars, webinars, conferences, events, the creation of informative white papers and other stakeholder engagement activities to enhance cooperation on cybersecurity at technical, operational and strategic levels.

• Deliver extensive capacity building program: Ensuring that a diverse range of stakeholders are not only informed, but also empowered to navigate the CRA’s complexities with clarity and relevance. The project will deliver a series of events, workshops, training sessions, webinars, knowledge exchanges, train-the-trainer sessions, best practices sharing, collaborative problem solving etc, completed by white papers. The proposed capacity building program will, among others, involve participants from academia outlining recommendations on techniques how to incorporate new cybersecurity requirements and developments into future curricula to train and educate the next generation of cybersecurity specialists.

• Conduct a health check for vulnerabilities and readiness: The Consortium`s proposed approach involves the integration of a black-box automated scan, as part of the CRACoWi implementation plan.

• Conduct a comprehensive compliance assessment: The project foresees a comprehensive gap analysis by creating and integrating an AI-guided Compliance Vendor Questionnaire. Further activities include gathering further evidence of compliance. To enhance assessment capabilities, an automated testing of device interfaces will be integrated.

• Support certification: CRACoWi aims to provide the means for actors to showcase their compliance to regulatory authorities and additionally, it seeks to enable actors to communicate their security levels to both B2B and B2C markets. Along the certification strategy, the project will leverage existing certification schemes whenever possible and when necessary, develop its own certification standards. Notably, the CRACoWi consortium includes members who possess the capacity and authorization to issue certificates and product labels.

• Update (comprehensive product life cycle management): The project will encompass the entire life cycle of products, including updates (full life cycle inclusion) and will continuously monitor newly discovered vulnerabilities as key component of this approach.

ITML’s role in the project

ITML, as the project coordinator, oversees various aspects of the project, including technical management, quality assurance, risk management, and stakeholder engagement. ITML is also actively involved in defining system components, evaluating critical infrastructure, and supporting the implementation of cybersecurity risk management measures. ITML’s contributions are essential to ensuring the successful development and deployment of the CRACoWi tool.