Built on the standards that govern the CRA
The Cyber Resilience Act sits on a stack of European standards and bodies. Here is how the platform maps to each one, with an honest note on which confer presumption of conformity and which are supporting references.
EN 40000-1-3
The draft harmonised standard for CRA vulnerability handling. Full clause-to-feature mapping so you are ready for presumption of conformity once it is cited in the Official Journal.
ENISA, the EUVD & Article 14
How the platform aligns with ENISA's Single Reporting Platform, the European Vulnerability Database, and national CSIRTs. Includes a live EUVD feed.
ETSI EN 303 645
The consumer-IoT security baseline that accredited labs test against. All 13 provisions mapped to CRA Annex I evidence.
ISO/IEC 27001 & IEC 62443
The ISMS and industrial-security standards manufacturers most often already hold, mapped to CRA process and product requirements.
OSCAL catalog
The CRA vulnerability-handling requirements expressed as a machine-readable OSCAL catalog for automated compliance tooling.
Notified bodies & testing labs
Directory of EU conformity-assessment bodies and cybersecurity testing laboratories, filterable by country and standard. Verify designation in NANDO.
One platform across the whole standards stack
Threat modelling, SBOM tracking, vulnerability handling, Article 14 reporting, and technical-file assembly, all mapped to the standards above.
Get Started for Free