wolfSSL Inc. announced full support for the EU Cyber Resilience Act (CRA) across its product portfolio, helping manufacturers meet mandatory cybersecurity requirements for connected and embedded devices sold in the EU. This includes secure development practices, vulnerability management, and long-term post-market support such as CVE remediation.
EDMONDS, Wash., March 2, 2026 /PRNewswire-PRWeb/ — wolfSSL Inc., a provider of embedded cryptography and secure communication solutions, today announced full support for CRA for all of its products.
The CRA establishes binding cybersecurity obligations for products with digital elements placed on the EU market, including secure development practices, vulnerability management, and post-market maintenance responsibilities tied directly to market access.
“At wolfSSL, we are committed to supporting our customers in meeting CRA obligations across the full product lifecycle,” said Todd Ouska, CTO of wolfSSL. “We will fully follow the law and support manufacturers selling devices into the EU market, including long-term vulnerability management and CVE remediation where required.”
Supporting CRA Security Requirements Across the Product Lifecycle
The CRA emphasizes continuous security — from secure design through post-market vulnerability handling. wolfSSL provides embedded security components designed to help manufacturers implement these requirements in practice, including the long term support.
Secure Communication and Data Protection
wolfSSL enables encrypted communication for connected devices through:
- TLS 1.3 and DTLS 1.3 for encrypting data in transit
- Support for authenticated encryption and modern cipher suites
- Configuration options suitable for embedded and resource-constrained environments
Strong Cryptography and Secure Key Handling
To address CRA expectations around cryptographic robustness and key management, wolfSSL offers:
- Modern cryptographic primitives, including AES, RSA, ECC, EdDSA, and post-quantum algorithms
- Integration with secure elements, TPMs, and hardware security modules (HSMs) for hardware-backed key protection
- FIPS 140-3 validated cryptographic modules for regulated markets where required
Firmware Integrity and Secure Boot
The CRA requires protection against unauthorized firmware execution and the reintroduction of known vulnerabilities. wolfBoot, wolfSSL’s secure bootloader, supports:
- Cryptographic verification of firmware at boot
- Authenticated firmware updates, including over-the-air (OTA) delivery
- Optional rollback protection mechanisms
- Deterministic verification paths suitable for regulated embedded systems
Vulnerability Management and Coordinated Disclosure
Post-market maintenance is a central pillar of the CRA. To support ongoing obligations, wolfSSL maintains:
- Structured vulnerability intake and coordinated disclosure processes
- CVE tracking and timely remediation support
- Long-term maintenance options aligned with extended product lifecycles
Transparency and SBOM Support
The CRA requires manufacturers to maintain Software Bills of Materials (SBOMs) to support supply chain transparency and vulnerability tracking.
wolfSSL supports SBOM-driven compliance through:
- Software components with minimal external dependencies
- Clear component traceability
- Documentation supporting secure configuration and lifecycle maintenance
- Alignment with documentation practices used in FIPS 140-3, DO-178C, MISRA-C, and IEC 62443 contexts
The CRA does not require individual third-party components to be “CRA certified.” However, manufacturers remain responsible for understanding and maintaining the security posture of all included software components.
Aligning CRA with Existing Security Standards
Many manufacturers already follow standards such as IEC 62443 and ETSI EN 303 645. wolfSSL’s documentation practices and lifecycle support help bridge existing security programs with emerging CRA conformity assessment pathways.
By combining deterministic embedded cryptography, secure boot infrastructure, and structured vulnerability response processes, wolfSSL enables manufacturers to design products that support both technical security requirements and regulatory expectations.
Preparing for CRA Enforcement
As CRA enforcement approaches, manufacturers must demonstrate not only secure product design, but ongoing vulnerability management, documented security processes, and lifecycle support. The regulation shifts cybersecurity from a design-time consideration to a sustained compliance obligation tied directly to market access.
wolfSSL’s embedded security portfolio combines deterministic cryptography, secure boot infrastructure, and structured vulnerability response processes to help manufacturers address both technical and regulatory expectations under the CRA.
For more information, contact your existing wolfSSL representative or email facts@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now