If you are a manufacturer dealing with complex products made of multiple third-party components — this project developed a Composite Inspection and Certification system that makes the certification process more agile and less costly.
Agile Cybersecurity Certification Platform for Complex ICT Products and Services
Imagine trying to get a safety certificate for a Lego castle where every brick comes from a different company. Instead of checking every single brick one by one every time you add a new one, this tool lets you reuse previous checks and share them securely. It acts like a trusted digital bridge where the maker and the inspector can agree on security rules without leaking secrets.
What needed solving
Cybersecurity certification for complex ICT products is currently too slow, expensive, and rigid. Vendors struggle to maintain certifications when updating individual components of a composite system.
What was built
A Composite Inspection and Certification (CIC) platform featuring a Dynamic Risk Assessment (DRA) component and a cryptographically enforced Trusted Execution Environment.
Who needs this
Who can put this to work
If you are a vendor dealing with embedded AI components that need strict security validation — this project developed a platform with a Dynamic Risk Assessment component that helps generate security profiles quickly.
If you are a service provider dealing with the need for continuous security updates and maintenance — this project developed a trusted execution environment that ensures a secure chain of custody during assessment.
Quick answers
How does this reduce the cost of certification?
The platform enables information sharing and re-use of certification data for building blocks, which makes the process more efficient and less expensive for the industry.
Can this be scaled to different types of ICT products?
Yes, it is designed for composite ICT products, services, and processes across multiple assurance levels, including those with embedded AI.
Who owns the IP or how is it licensed?
Based on available project data, specific licensing terms are not mentioned, but the project involves 18 partners including 11 SMEs.
Does this help with EU law compliance?
Yes, it specifically targets the requirements introduced by the EU Cybersecurity Act (EUCSA) and the Cyber Resilience Act (CRA).
What is the timeline for deployment?
The project runs from 2023-10-01 to 2026-09-30, with a first prototype already developed as of month 18.
How does it integrate with existing vendor tools?
The platform is designed to overlap and interact with existing risk management and continuous integration tools used by vendors.
Who built it
The consortium is heavily industry-driven with a 72% industry ratio, comprising 13 industrial partners, 11 of which are SMEs. This strong commercial presence, combined with 3 Conformity Assessment Organizations and leadership by RISE, suggests the output is designed for immediate market utility rather than purely academic research.
Contact RISE Research Institutes of Sweden AB
Talk to the team behind this work.
Contact us to connect with the CUSTODES consortium for pilot opportunities.