CRA compliance documentation,
structured for you
A free tool that helps hardware and software vendors build their documentation for the EU Cyber Resilience Act. Fill out a guided wizard, download two zip files, and have a credible starting point in under an hour.
What you get
Public Security Center
A static website your customers can browse: contact info, update policy, secure usage guide, and EU Declaration of Conformity.
Private Technical File
A separate archive for internal use and regulatory authorities: architecture, risk assessment, standards, and vulnerability handling.
Guided Wizard
14 steps across 4 chapters. Inline help explains every field. Skip what you don't know yet and come back later.
How it works
- 1
Fill out the wizard
Answer questions about your product, your update mechanism, and your security practices.
- 2
Review and generate
Preview what will be in each document. Parked fields show as visible placeholders.
- 3
Download two zips
One public website to host for customers, one private archive for auditors.
What is the CRA?
The Cyber Resilience Act (Regulation (EU) 2024/2847) requires manufacturers of products with digital elements to maintain security documentation throughout the product lifecycle. This includes a public security advisory page, a private technical file for regulators, and evidence of ongoing vulnerability handling.
This tool gives you templates and prompts — you fill in the details unique to your product. It is not legal advice. Use it as a starting point, not a finish line.
Ready to start?
Built by Golioth — device management and secure OTA updates for IoT products.