Glossary
Cyber Resilience Act (CRA)
What Is the EU Cyber Resilience Act (EU CRA)?
The EU Cyber Resilience Act (EU CRA) is a European Union regulation that establishes mandatory cybersecurity requirements for products with digital elements sold in the EU — including secure development, vulnerability handling, software bills of materials, and post-market security obligations across the product lifecycle.
The CRA represents one of the most significant expansions of software security regulation globally. It applies to manufacturers, importers, and distributors of nearly all connected products, with enforcement and substantial fines for non-compliance. The CRA explicitly references SBOMs and vulnerability handling, making evidence-based software supply chain practices a regulatory expectation rather than a competitive advantage.
NetRise Turbine generates evidence aligned to CRA requirements, including binary-derived SBOMs, vulnerability disposition data, and the documentation needed to demonstrate ongoing compliance.
Related Terms
Executive Order 14028 · Software Bill of Materials · Vulnerability Exploitability eXchange · Software Supply Chain Security


