Amanita Security

Trusted cybersecurity services for product manufacturers
Website: https://www.amanitasecurity.com/

Following our initial article on the Cyber Resilience Act's objectives, we're back with a comprehensive exploration of its essential requirements.

In our latest article, "Reflections on Cyber Resilience Act Requirements," we break down the technical aspects including:

- Ensuring no known exploitable vulnerabilities when products hit the market.
- Adopting a 'Secure by Default' stance while allowing tailored solutions.
- Implementing robust mechanisms for automated security updates.
- Upholding data confidentiality, integrity, and resilience against unauthorized access or manipulations.
- Minimizing attack surfaces and ensuring product lifecycle security.
- etc.

Read the full article here: https://www.amanitasecurity.com/posts/reflections-on-cyber-resilience-act-requirements/

These requirements will mean more than pure compliance: they require instilling a culture of security by design and by default when developing your connected devices. But interpreting and implementing these intricate mandates can be challenging, especially when balancing time to market and cost.

Ready but not sure where to start? Don't navigate these waters alone. Reach out for a friendly chat and discover how we can assist you.
Feel free to contact us at [email protected] for personalized advice and solutions tailored to your organization's unique needs.

#IoTSecurity #ProductSecurity #SecureByDesign #EURegulations #CyberResilience

Reflections on Cyber Resilience Act Requirements

If we are to summarize the requirements of the Cyber Resilience Act, we can state that products must be secure by design, secure by default, and without known vulnerabilities. It's necessary to protect the confidentiality and integrity of your products and their data, and not become part of a botnet. Prevent data loss and ensure it is possible to detect when something goes wrong through logging and telemetry, while remaining privacy conscious. And if, despite all good intentions, a vulnerability is identified, ensure it can be rectified by applying updates in a timely manner.


How to get started with the EU Cyber Resilience Act?

It mandates secure design, development, and maintenance for digital devices, addressing low cybersecurity levels and lack of information.

Key Points:

1. Prescribes essential (technical) & vulnerability handling requirements.

2. Applies to most companies from 2026 onwards.

3. Manufacturers must ensure third-party component security.

4. Non-compliance can lead to hefty fines.

Now's the time to start prepping!

Read all about it now in the first part of this multi-part series: https://www.amanitasecurity.com/posts/approaching-the-eu-cyber-resilience-act/

Need help? Amanita Consulting has your back!

#cyberresilience #productsecurity #manufacturing #EURegulations #AmanitaSecurity

Approaching the EU Cyber Resilience Act

The EU Cyber Resilience Act is a new regulation introducing mandatory cybersecurity requirements for products with digital elements. The Act aims to improve product security, handle vulnerabilities, and increase transparency. With compliance starting in 2026, it impacts manufacturers, importers, and distributors of technology in the European market. The article provides a comprehensive overview of the Act's requirements, exemptions, consequences, and its impact on the supply chain and your organisation.


Explore our EU cybersecurity regulations timeline!

At Amanita Security, we track fourteen European legislative acts that impact the cybersecurity landscape for product manufacturers across different industries.

Our latest resource provides clear answers to the two most pressing questions in one handy table:
1. What legislation do we need to comply with?
2. By when must we comply?

Staying informed about these regulations is crucial for ensuring your products remain compliant and effectively mitigate cybersecurity risks.

Check it now (and don't forget to bookmark): https://www.amanitasecurity.com/posts/european-cybersecurity-regulations-product-manufacturing-timeline/

Need help integrating these regulatory changes into your technology stack and organisation? Don't hesitate to **get in touch** for personalised help.

#Cybersecurity #Productsecurity #Manufacturing #Regulations #AmanitaSecurity

EU Cybersecurity Regulations Timeline

Stay updated on the EU's evolving cybersecurity regulations for product manufacturers. Amanita Security tracks fourteen significant legal acts, detailing their current legislative status, entry into force, and applicability dates.


Is your product ready for the new wave of European cybersecurity regulations?

In our latest article, we break down the essential regulations and requirements you need to know about, including:
✅ General Product Safety Regulation
✅ Product Liability Directive
✅ Radio Equipment Directive
✅ Cyber Resilience Act
✅ Machinery Regulation

Read the full article here: https://www.amanitasecurity.com/posts/european-cybersecurity-regulations-for-product-manufacturers/

#Cybersecurity #Regulations #Manufacturing #ProductSecurity #RadioEquipment

EU Security Regulations For Manufacturers

Understanding and navigating the complex EU cybersecurity regulations is crucial for product manufacturers. This article outlines key legislation manufacturers must comply with to maintain product security throughout its lifecycle.

Progress in Cyber Resilience Act requirements
Two significant steps were recently taken towards further clarification of the European Cyber Resilience Act (CRA) requirements:

1. Harmonizing technical standards
The European Union called upon the European standards organisations (CEN, CENELEC, ETSI) to define harmonized technical standards in support of the CRA. A total of forty-one (41) deliverables have been requested covering all the technical and vulnerability handling requirements of the CRA.
This is important as companies conforming with these future technical standards will be presumed to be in compliance with the regulation.

2. Mapping CRA requirements to international standards
ENISA provided a mapping of the Cyber Resilience Act requirements towards other international Cyber Security standards. The ETSI EN 303 645 - Cyber Security for Consumer Internet of Things: Baseline Requirements standard is currently the only one that fully aligns with the essential technical requirements of the CRA. Other common standards, such as IEC 62443-4-2, meet 7 out of 13 requirements.
As for vulnerability handling requirements, no current international standards meet all CRA requirements. ISO/IEC 30111 - Security Techniques: Vulnerability Handling Processes comes closest by fulfilling 5 out of 8 vulnerability handling requirements.

We can conclude that most companies will need to put in additional effort to comply with this upcoming regulation.
Companies that want to integrate these future requirements into their current planning can prepare by working towards EN 303 645 and ISO 30111, thereby reducing future adaptation needs.

The Linux Kernel project's new CVE Numbering Authority places a large burden on product manufacturers due to the assignment of CVEs for non-security issues. Our latest article discusses the complexities introduced by the new CVE assignment process, the challenges of frequent updates for electronic devices, and challenges that lie ahead for the engineering teams.

Read the article at https://www.amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/

Dear Linux Kernel CNA, What Have You Done ?

The Linux Kernel project's new CVE Numbering Authority (CNA) has a large impact on product manufacturers. Explore the complexities introduced by the new CVE assignment process, the challenges of frequent updates for electronic devices, and the burden placed on organizations due to the assignment of CVEs for non-security issues.

We might all need a reminder on how to properly interpret security assurance levels in the context of EU cybersecurity legislation. They are very easily misunderstood.

Read more at https://www.amanitasecurity.com/posts/true-meaning-security-assurance-levels/

The True Meaning of Security Assurance Levels

Security Assurance Levels used in EU legislation are very easily misunderstood; we might all need a reminder about their true meaning.

I am very excited to announce the launch of Amanita Security, a new security consulting company dedicated to providing trusted cybersecurity services to product manufacturers.

Product manufacturers are expected to experience a significant shift towards improved cybersecurity in the next few years. This is not only out of necessity to ensure more secure products, but due to the new regulations being established.

Amanita Security is all about helping manufacturers succeed with this transition in a holistic manner, by ensuring technical product security is achieved from circuit board to the cloud, and by integrating sensible approaches to cybersecurity into your product lifecycle and processes.

When you partner with Amanita Security, you can expect first-class, tailor-made, independent projects that help meet your security objectives.
Amanita's approach is firmly rooted in decades of deep technical, domain and organisational expertise, paired with a friendly, proactive collaborative approach.

You can read more about our services, our vision and values on the new website: https://www.amanitasecurity.com

Join me in this new exciting adventure, and let us know how we can assist with your product cybersecurity needs!

Amanita Security

Trusted Cybersecurity Services for Product Manufacturers