For organizations manufacturing or deploying physical devices, understanding the hardware components within those devices is just as critical as tracking the software. The Hardware Asset Registry within the CVD Portal allows you to inventory and manage the physical components, microcontrollers, and firmware associated with your products, addressing the comprehensive product lifecycle requirements of the Cyber Resilience Act (CRA).
This registry enables you to map specific hardware revisions to their corresponding firmware versions and software dependencies. When a vulnerability is reported affecting a specific chip or hardware architecture, the registry allows you to quickly identify which product lines and specific units are impacted. This is particularly crucial for IoT devices and embedded systems where patching may require complex firmware updates or physical recalls.
By integrating the hardware registry with your vulnerability management workflows, you can track the remediation status across complex hardware/software ecosystems. This holistic view ensures that vulnerabilities are addressed at all layers of the technology stack, providing the robust documentation needed to demonstrate the security of your physical products to regulators and customers.