SBA @ LSZ Cyber Crime Forum Graz
Our colleagues Nicolas Petri, Information Security Consultant, and Gerald Sendera, Data Protection Supervisor and Legal Counsel, gave an expert talk on Ich wollte nur Software bauen – und jetzt mach ich CRA-Compliance on September 30 at the LSZ Cyber Crime Forum Graz.
Abstract
“I just wanted to build software – and now I’m doing CRA compliance”
More and more legal acts of the European Union require the mandatory implementation of cybersecurity measures. The consequences of non-compliance go beyond potential fines and the associated security risks. They include personal liability of management bodies (NIS-2) or loss of market access for non-compliant products (Cyber Resilience Act – CRA). As of today, harmonized cybersecurity standards for products have not yet been issued, while European certification schemes – such as certifications under the EUCC scheme – involve complex processes that generate high costs. Often, there is a lack of awareness of a low-threshold approach that would allow organizations and software developers to review and improve the security of their processes and products already during design and development. Using selected Essential Security Requirements from Annex I of the Cyber Resilience Act and an approach based on SAMM and ASVS, we demonstrate one way to address these requirements. The outcome could already serve as the foundation for a self-assessment of CRA conformity or as evidence in the context of third-party evaluation within a certification process.
© LSZ
Further information
Cyber Crime Forum 2025: Cyber-Abwehr für die Steiermark | LSZ Graz
About the Event
The Cyber Crime Forum is Austria’s leading IT security meetup, held in Vienna, Salzburg, Rankweil, and Graz. It connects CISOs, security and risk managers, tech providers, start-ups, and experts to discuss trends, challenges, and innovations in cybersecurity. Attendees can expect keynotes, deep dives, panels, and networking to shape the future of cyber resilience and create #FutureConnections.