Compliance with the European Cyber Resilience Act (CRA)
Our Product’s Cybersecurity Commitment
DLOGIC GmbH is fully committed to CRA compliance. We integrate cybersecurity into every stage of development and operations to ensure our product meets or exceeds the essential requirements of the CRA, including risk assessment, secure default settings, and ongoing support.
Cybersecurity Certification
We work with an accredited independent testing laboratory to obtain formal CRA cybersecurity certification. This process validates our product’s compliance with essential requirements for vulnerability handling, secure design, and resilience against known attack vectors.
Regular Distribution of Safety-Critical Software Updates
We maintain a structured process for the timely release and deployment of safety-critical software updates. These updates address newly identified vulnerabilities and are delivered with minimal disruption to product operation.
Secure Port Management
We provide built-in mechanisms to secure all unused ports, with primary focus on USB ports. Unused ports can be completely disabled via software configuration and can only be re-enabled through multi-factor password-based authentication, preventing physical tampering and unauthorized access.
A/B Boot Architecture with Dual BSP Slots
Our device supports a robust A/B boot system featuring active and passive boot slots with two separate Board Support Package (BSP) versions installed. This enables staged (canary) updates and automatic rollback/recovery in the event of an update failure, ensuring high availability and resilience.
Secure Boot Solution with Tamper Proofing
We implement a hardware-rooted secure boot process that verifies the integrity and authenticity of all firmware and software components at startup. This tamper-proof mechanism prevents the execution of unauthorized or modified code, protecting against supply-chain and runtime attacks.
Patch Distribution via Secure Online Service
Patches and updates are delivered through a dedicated, encrypted online patch-distribution service. The service supports authenticated, integrity-checked delivery with version control, ensuring only verified updates reach the device.
These measures demonstrate our proactive approach to cybersecurity and our dedication to meeting the full scope of CRA obligations, including documentation, support periods, and vulnerability disclosure. We continuously monitor regulatory developments and industry best practices to maintain the highest level of protection for our customers.
For further information or to request our full CRA technical file, please contact our compliance team below.
Speak with our Compliance Team
Explore Our Case Studies
Click on the images below to see the Case Studies
