CRA Training for Embedded Teams
This page covers how AC6 delivers Cyber Resilience Act (CRA) training specifically for embedded products. It pairs with the implementation guide but adds instructor-led depth, labs, and review of your own context.
Who this is for
- Embedded firmware/software teams building Products with Digital Elements (PDEs)
- Security, compliance, and product owners preparing for CRA obligations
- Teams that need to align architecture, SDL, and documentation with CRA Annex I/II/VII
What you get
- Scope and classification: PDE identification, important/critical status, role allocation
- Engineering controls: Practical mappings for boot, isolation, crypto, updates, identity, logging
- Secure development lifecycle: Gating, tooling, evidence, and variant-aware SBOM/VEX
- Technical documentation: How to produce and maintain CRA evidence packages
- Vulnerability handling: PSIRT workflow, triage, timelines, and reporting
- Audit/readiness review: Checklist and gap-closing plan
Delivery format
- Instructor-led (virtual or on-site)
- Adapted to your CPU/SoC/RTOS/update stack and release process
- Optionally includes working sessions on your current architecture and documentation