Integrating security from the conception phase - Security development checklist
Security must be integrated from the very conception phase of products containing digital elements.
This includes:
- delivering products with default security configurations
- ensuring protection against unauthorized access through appropriate control mechanisms such as authentication and identity management systems,
- safeguarding the confidentiality and integrity of stored, transmitted, or processed data
- minimizing data processing to what is strictly necessary
- protecting the availability of essential and basic functions through mitigation measures against denial-of-service attacks
- limiting attack surfaces, including external interfaces (by closing external ports for example)
- recording and monitoring relevant internal activity with an opt-out mechanism for the user
Furthermore, equipment manufacturers must protect products essential functions’ availability, mitigate their negative impacts on other devices or networks, limit attack surfaces, reduce incident consequences through appropriate mechanisms, and provide security-related information through activity monitoring and update notifications. That’s why security assessments are also required by the Cyber Resilience Act.
Read our article about secure by design development for Linux-based systems
Download the CRA checklist
With the upcoming Cyber Resilience Act, European device manufacturers must prepare to meet a series of technical and organizational requirements. Harmonized standards designed to guide compliance are expected to be published by October 2026, with mandatory compliance
required by the end of 2027.
Here’s a secure development checklist to help you efficiently anticipate and address these requirements.
Existing solutions to streamline security developments
Solutions like Welma Yocto Linux can significantly expedite your development process for embedded Linux systems by pre-integrating essential security requirements for the Cyber Resilience Act.
These include features such as:
- minimization,
- secure boot,
- read-only configurations,
- OTA update mechanisms,
- comprehensive cybersecurity documentation,
- and more.
Additionally, Welma Yocto Linux supports long-term maintenance through vulnerability monitoring and integration into CI pipelines, ensuring your system remains secure by design throughout its lifecycle.
You can also seek assistance from professional services firms, such as Witekio, for specialized security development needs.
