CRA Week: Step 4 Maintaining Conformity Across the Product Lifecycle

CRA Week Ep. 4: Maintaining CRA Conformity Across the Product Lifecycle

In the fourth and final episode of CRA Week, hosts Kyle and Bridgette wrap the series up with 3 CRA experts Asim Zaidi, Julien Delplancke, and Louis Rodriguez.

Asim explains why CRA compliance continues long after a product ships and highlights key underestimated challenges. (Architecture drift, maintaining secure configurations, Crypto agility, Documentation (including SBOMs).

Julien describes manufacturing-stage security needs and how EdgeLock 2Go centralizes secure credential provisioning, supports secure over-the-air updates, and enables credential renewal and crypto agility for devices in the field.

Louis outlines the role of a PSIRT, and reviews core lifecycle vulnerability processes including intake, triage and impact assessment, remediation, coordinated communications, multi-vendor coordination, and notification obligations.

Episode Resources:

• NXP CRA web page: EU Cyber Resilience Act (CRA)
• NXP PQC web page:Post-Quantum Cryptography
• EdgeLock 2GO | IOT Service Platform for Secure Deployment and Management
• NXP PSIRT: Product Security Vulnerability
• Security Certification: Security Certification

00:00 Welcome to CRA Week Finale

01:39 Why Lifecycle Matters

01:58 Hidden Long Term Challenges

05:00 Future Proof Architecture

06:41 SBOM and Crypto Agility

08:16 Manufacturing Security Basics

09:51 EdgeLock 2Go for Updates

11:50 PSIRT and Governance

15:14 Vulnerability Management Processes

16:49 CRA Week Recap and Closing