New laws and guidelines cause uncertainty in companies' IT departments - and also in management: The EU Commission's upcoming Cyber Resilience Act (CRA) includes liability for board members and managers in companies.
The German company Onekey has for years been researching cybersecurity vulnerabilities in smart products, such as IoT and OT devices, as well as practically all systems that are connected to the Internet. It also operates a Product Cybersecurity and Compliance Platform (PCCP for short), which carries out automated testing and risk evaluation of device software. With the new integrated Compliance Wizard, essential steps and efforts are automated.
“Companies and even IT experts are unsettled when it comes to implementing new regulations such as the CRA. We provide support for this vacuum with the Compliance Wizard - a combination of automatic cyber security check and virtual assistant that guides companies through a simplified assessment of organizational compliance. This makes it possible to conduct a dialog-guided assessment of the current situation with subsequent analysis and documentation, which can also be used for the upcoming obligation to provide evidence in cybersecurity issues,” says Jan Wendenburg, CEO of Onekey. With the unique and patent-pending solution, the company continues to expand its lead in automated solutions for product cybersecurity.
Analyze instead of concealing
There is great uncertainty surrounding current and future IT laws, and many companies do not proactively communicate IT security incidents, as a study commissioned by the TÜV Association showed: 82 percent of German companies that had an IT security incident in the past twelve months kept it secret. “There is only one thing that can bring about a rethink: transparency, which is created within the companies themselves. In order to effectively ward off an attack, there must be transparency - including what measures are taken and in what order.
With the Compliance Wizard, we offer a simple structure that, based on our wealth of experience, brings more transparency to companies’ product cybersecurity,” Wendenburg continued. The Compliance Wizard first breaks down the requirements of the respective laws and standards, which can then be supplemented by the respective company with further content on the current situation. Even at this stage, the Compliance Wizard carries out a vulnerability analysis and provides information about standard violations that can often be easily remedied.
Preliminary stage for certification
The automatic Compliance Wizard report serves as a self-declaration of conformity and also documents the current status of cyber security and possible compliance measures. For new software versions, the automatic analysis can be carried out in minutes and the documentation and explanations can be updated immediately. The report, which presents all relevant information in a structured form, is often the first step towards certification.
A simple export of the analysis, structured data and supporting documents allows external certification bodies to carry out subsequent certification, if necessary, more efficiently and quickly. “Our goal for companies and cybersecurity managers is to significantly simplify the implementation of the stricter product cybersecurity regulations. With the new Compliance Wizard, many standards such as the EU Cyber Resilience Act, IEC 62443, ETSI EN 303 645, UNECE R 155 and others can now be technically checked and organizationally analyzed and documented,” says Jan Wendenburg.
About ONEKEY
ONEKEY (formerly IoT Inspector) is the leading European platform for automatic security & compliance analyses for devices in industry (IIoT), production (OT) and the Internet of Things (IoT). Using automatically created "Digital Twins" and "Software Bill of Materials (SBOM)" of the devices, ONEKEY independently analyzes firmware for critical security gaps and compliance violations, without any source code, device or network access.