CRA Resource Center

Practical materials for the Cyber Resilience Act

Infographics, checklists, risk analysis and reporting process materials — designed specifically for machine tool builders navigating the EU Cyber Resilience Act.

Infographics

Visual overviews of key CRA processes and requirements.

CRA Overview

The Cyber Resilience Act at a glance: scope, product classification, obligations and deadlines.

V1.0·2025-05
Updated

CRA Reporting Obligation for Machine Tool Builders

Visual overview of the CRA reporting obligation (Art. 14) starting September 2026.

V1.1·2026-03

CRA Product Lifecycle for Machine Tool Builders

Visual overview of CRA requirements across the product lifecycle.

V1.0·2025-06

Checklists

Step-by-step checklists for CRA compliance tasks.

Supplier Due Diligence — Cybersecurity

Structured checklist for assessing supplier CRA readiness — covering SBOM, vulnerability management, update policy, support period, secure operation guidance, and conformity evidence.

V1.0·2026-03

Cybersecurity in the Operations Manual

Checklist for creating and reviewing the cybersecurity chapter in operations manuals — based on CRA Annex II and Machinery Regulation Annex III 1.7.4.

V1.0·2026-03

Secure by Default — Product Configuration for Industrial Equipment

Checklist translating the 13 essential CRA cybersecurity requirements into actionable configuration measures — structured in Baseline (≈ SL 1–2) and Enhanced (≈ SL 3) tiers with mapping to OWASP and IEC 62443.

V1.0·2026-03

Technical Documentation — Cybersecurity

Checklist for the internal technical file per CRA Annex VII — highlighting synergies with existing Machinery Regulation documentation (Annex IV) for manufacturers of machines and systems with digital elements.

V1.0·2026-03

Risk Analysis

Materials and templates for CRA-compliant cyber risk analysis of your products.

Cybersecurity Risk Assessment for Machine Builders — TARA Process Guide

10-step process guide for conducting a Threat Analysis and Risk Assessment (TARA) per IEC 62443-3-2 with CRA and Machinery Regulation compliance — from security context definition to audit-ready technical documentation.

V1.0·2026-03

Asset Inventory & Compliance Tool

Excel template for regulatory compliance assessment per asset — with asset register, 15 asset compliance sheets (CRA Annex I Part I & II + MR Annex III), dashboard, and CRA×MR reference.

V1.0·2026-03

TARA Template — Risk Assessment

Excel template for threat analysis and risk assessment per product — with scoring dimensions, product profile, OT-specific threat catalog (125 threats for 23 asset types), TARA sheet (current/target state), and dashboard.

V1.0·2026-03

Reporting Process

Guides and templates for the CRA reporting process for security incidents.

Internal Reporting Process — Vulnerabilities & Security Incidents (Art. 14 CRA)

Process template for timely reporting of actively exploited vulnerabilities and severe security incidents to ENISA/CSIRT per CRA Art. 14.

V1.0·2026-03

Need help with CRA compliance?

We support machine tool builders with practical OT security consulting on the path to CRA compliance.

Get in touch