Arduino Portenta X8 Achieves EU’s Cyber Resilience Act (CRA) Compliance
Foundries.io, in partnership with Arduino, has successfully integrated its security software into the Portenta X8, marking a significant milestone as the first system-on-module (SoM) to meet CRA Compliance under the European Union’s Cyber Resilience Act (CRA).
The Implications of the Cyber Resilience Act
The new EU regulation, the Cyber Resilience Act (CRA), mandates minimum security standards for all IoT devices in Europe starting from 2025. This regulation aims to:
- Establish secure product standards across the EU.
- Emphasize security at every stage of a product’s lifecycle.
- Enhance user awareness of cybersecurity features.
- Prompt Original Equipment Manufacturers (OEMs) to swiftly address device vulnerabilities.
These rules will be enforced for the entire lifespan of the devices, ensuring a higher level of security for consumers.
Compliance Requirements and Exceptions
Under the forthcoming EU regulations, all digital products must adhere to the new security standards, with exceptions for specific categories such as medical devices, aviation equipment, and motor vehicles. Products deemed high-risk will undergo independent security evaluations, with manufacturers required to ensure compliance. EU member states will oversee rule enforcement, supported by the Commission. Notably, products labeled ‘highly critical’ will necessitate additional security measures.
Security Enhancements for Portenta X8
To align with the new EU regulations, Foundries.io and Arduino have collaborated to enhance the security features of the Portenta X8 SoM. Foundries.io, known for its cloud-native IoT solutions, and Arduino, a leading hardware provider, have combined forces to fortify the Portenta X8 against cyber threats.
Users of the Portenta X8 SoM can now manage device security, data protection, and software updates efficiently within a unified, cloud-based environment. This integration offers robust protection against cyber-attacks and malware, ensuring rapid responses to emerging security risks.
Key Security Features
The Portenta X8 boasts a suite of security functions facilitated by the Linux micro-platform and FoundriesFactory platform, including:
- Secure boot
- Trusted execution environment
- Remote attestation
- Key installation
- Cloud authentication
- Secure OTA updating compliant with TUF standards
- Automatic SBOM generation post-software updates
CEO Insights
Fabio Violante, CEO of Arduino, emphasized the importance of prioritizing security in Linux-based edge devices. He stated, ‘When deploying Linux-based edge devices, security cannot be an afterthought. That’s why we designed the Arduino Portenta X8 giving the highest priority to security features, end to end. This spans from Hardware and Firmware to the Linux distribution and device management with FoundriesFactory technology. This allowed us to be naturally CRA compliant from the very beginning.’
For more information on the FoundriesFactory platform, the Linux micro-platform, and details about the Cyber Resilience Act and the EU Cybersecurity Regulation Proposal for Digital Products, visit the Foundries.io website.