CRA Resource Center

Practical materials for the Cyber Resilience Act

Infographics, checklists, risk analysis and reporting process materials — designed specifically for machine tool builders navigating the EU Cyber Resilience Act.

Infographics

Visual overviews of key CRA processes and requirements.

CRA Overview

The Cyber Resilience Act at a glance: scope, product classification, obligations and deadlines.

V1.0·2025-05
DEDEpdfENENpdf
Updated

CRA Reporting Obligation for Machine Tool Builders

Visual overview of the CRA reporting obligation (Art. 14) starting September 2026.

V1.1·2026-03
DEDEpdfENENpdf

CRA Product Lifecycle for Machine Tool Builders

Visual overview of CRA requirements across the product lifecycle.

V1.0·2025-06
DEDEpdfENENpdf

Checklists

Step-by-step checklists for CRA compliance tasks.

Supplier Due Diligence — Cybersecurity

Structured checklist for assessing supplier CRA readiness — covering SBOM, vulnerability management, update policy, support period, secure operation guidance, and conformity evidence.

V1.0·2026-03
DEDEdocxENENdocxFRFRdocx

Cybersecurity in the Operations Manual

Checklist for creating and reviewing the cybersecurity chapter in operations manuals — based on CRA Annex II and Machinery Regulation Annex III 1.7.4.

V1.0·2026-03
DEDEdocxENENdocxFRFRdocx

Secure by Default — Product Configuration for Industrial Equipment

Checklist translating the 13 essential CRA cybersecurity requirements into actionable configuration measures — structured in Baseline (≈ SL 1–2) and Enhanced (≈ SL 3) tiers with mapping to OWASP and IEC 62443.

V1.0·2026-03
DEDEdocxENENdocxFRFRdocx

Technical Documentation — Cybersecurity

Checklist for the internal technical file per CRA Annex VII — highlighting synergies with existing Machinery Regulation documentation (Annex IV) for manufacturers of machines and systems with digital elements.

V1.0·2026-03
DEDEdocxENENdocxFRFRdocx

Risk Analysis

Materials and templates for CRA-compliant cyber risk analysis of your products.

Cybersecurity Risk Assessment for Machine Builders — TARA Process Guide

10-step process guide for conducting a Threat Analysis and Risk Assessment (TARA) per IEC 62443-3-2 with CRA and Machinery Regulation compliance — from security context definition to audit-ready technical documentation.

V1.0·2026-03
DEDEpdf

Asset Inventory & Compliance Tool

Excel template for regulatory compliance assessment per asset — with asset register, 15 asset compliance sheets (CRA Annex I Part I & II + MR Annex III), dashboard, and CRA×MR reference.

V1.0·2026-03
DEDExlsx

TARA Template — Risk Assessment

Excel template for threat analysis and risk assessment per product — with scoring dimensions, product profile, OT-specific threat catalog (125 threats for 23 asset types), TARA sheet (current/target state), and dashboard.

V1.0·2026-03
DEDExlsx

Reporting Process

Guides and templates for the CRA reporting process for security incidents.

Internal Reporting Process — Vulnerabilities & Security Incidents (Art. 14 CRA)

Process template for timely reporting of actively exploited vulnerabilities and severe security incidents to ENISA/CSIRT per CRA Art. 14.

V1.0·2026-03
DEDEdocx

Need help with CRA compliance?

We support machine tool builders with practical OT security consulting on the path to CRA compliance.

Get in touch

Powered by

Alpina Connect GmbH logoAlpina Connect GmbH

Book Your CRA Compliance & OT Security Check

Learn how to make your OT environment secure and CRA-compliant.

Schedule a Call

© 2026 Alpina Connect GmbH
All rights reserved.