If you are a device manufacturer dealing with the mandatory requirements of the Cyber Resilience Act — this project developed 4 open-source tools that automate security assessments. This helps you prove your product is secure before it hits the market.
Automated Cybersecurity Certification Tools for EU Regulatory Compliance
Imagine having a digital health check-up for your software to make sure it meets strict EU laws. Instead of guessing if your security is good enough, these tools act like a high-tech scanner to find holes in your encryption and hardware. It's like a professional home inspection, but for the code that protects your company's data.
What needed solving
Companies struggle to keep up with the complex and evolving EU cybersecurity regulations like the CSA and CRA. Manual security certification is slow, expensive, and often lacks transparency.
What was built
A suite of 4 enhanced open-source tools (TLS-Scanner, SCRUTINY, ALVIE, and sec-certs) for automated security assessment and certification analysis.
Who needs this
Who can put this to work
If you are a software provider dealing with complex TLS encryption standards — this project developed the TLS-Scanner tool. It allows you to verify that your secure connections are actually protecting client data according to EU standards.
If you are an integrator dealing with vulnerabilities in hardware architectures — this project developed ALVIE for testing embedded security. This reduces the risk of costly recalls by finding flaws in the hardware design early.
Quick answers
What is the cost or price for using these tools?
Based on available project data, the tools are based on open-source research, but specific pricing for commercial support is not mentioned.
Can these tools be used at an industrial scale?
The project involves 5 industry partners to ensure the tools meet the needs of ICT producers and consumers in the digital single market.
What is the IP or licensing model?
The project focuses on adapting four open-source tools, suggesting a transparent and open licensing approach for the software.
How does this help with EU regulations?
The tools are specifically aligned with the Cybersecurity Act (CSA) and the Cyber Resilience Act (CRA) to simplify certification.
When will the tools be available for business use?
The project period runs from 2026-01-01 to 2028-12-31, indicating the tools will be refined during this window.
Who built it
The consortium is well-balanced for technology transfer, featuring a 56% industry ratio with 5 companies, including 3 SMEs. With 4 universities and 9 total partners across 4 countries (CZ, DE, EE, IT), the project combines academic rigor with practical market needs.
Contact Masarykova univerzita in the Czech Republic
Talk to the team behind this work.
Contact us to connect with the CCAT consortium for early tool access.