The project at a glance
OSCRAT aims to:
- Increase the cyber resilience of SMEs;
- Facilitate compliance with the CRA;
- Promote cross-border collaboration;
- Support environmental sustainability;
- Promote consistency with EU policies.
Compliance tool description
The Open-Source Cyber Resilience Act Tools (OSCRAT) project is aligned with the objectives outlined in the Cyber Resilience Act (CRA) by developing tools that will support compliance procedures for European SMEs. These tools aim to address the essential requirements of the CRA by facilitating internal compliance processes and enhancing cyber resilience among SMEs.
- Checklist Automation: OSCRAT will provide an automated checklist tool that identifies the digital product category and generates relevant self-assessment and third-party assessment checklists. This will streamline the compliance process for SMEs, enabling them to produce conformity assessment reports efficiently.
- Software Bill of Materials (SBOM) Solution: By collecting SBOM manifests or parsing project description files, OSCRAT will generate SBOM reports compliant with SPDX/CycloneDX standards. Furthermore, it will download CVE data and produce final scan reports, empowering SMEs to enhance product transparency and address vulnerabilities effectively.
- Vulnerability Automation: OSCRAT will adhere to ISO/IEC standards for vulnerability disclosure and handling, providing SMEs with a structured approach to manage vulnerabilities. It will also offer a reporting channel to relevant EU agencies, such as ENISA, ensuring timely and coordinated responses to emerging threats.
- Incident Handling Process: OSCRAT will identify the severity of incidents and, if significant, report them to key cybersecurity entities such as ENISA, EU-CyCLONe, and CSIRTs. This proactive approach will enhance incident response capabilities and mitigate the impact of cyber incidents on SMEs and the broader digital ecosystem.
- Documentation Centralization: OSCRAT will create a centralized repository for digital product documentation, including Conformity Assessment Reports, SBOM reports, Vulnerability Disclosure Policies, Incident Reports, and Certifications of Conformity. This comprehensive approach enhances transparency and facilitates compliance for SMEs.
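As an added illustration of the pipeline described under Software Bill of Materials (SBOM) Solution above (example code, not OSCRAT's own), the following Python script parses a constructed pinned requirements file, emits a minimal CycloneDX 1.5 JSON document, and matches its components against a constructed vulnerability list that stands in for downloaded CVE data. The package names, versions and CVE identifiers are placeholders, and version comparison assumes plain dotted numeric versions.

```python
import re

# Constructed sample manifest (a pinned pip requirements file), not OSCRAT data.
REQUIREMENTS_TXT = """\
requests==2.31.0
urllib3==1.26.5
pyyaml==5.4.1
"""

# Constructed stand-in for downloaded CVE data; identifiers are placeholders.
# Each entry names a package and the first version that carries the fix.
VULN_FEED = [
    {"id": "CVE-0000-PLACEHOLDER-1", "package": "urllib3", "fixed_in": "1.26.18"},
    {"id": "CVE-0000-PLACEHOLDER-2", "package": "pyyaml", "fixed_in": "5.4"},
]

def parse_version(v):
    # Assumes plain dotted numeric versions (no pre-release suffixes).
    return tuple(int(p) for p in v.split("."))

def parse_requirements(text):
    # Collects (name, version) pairs from exact "name==version" pins.
    pins = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==([0-9.]+)\s*$", line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins

def build_cyclonedx(pins):
    # Minimal CycloneDX 1.5 JSON document with one library component per pin.
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "components": [
            {"type": "library", "name": n, "version": v, "purl": f"pkg:pypi/{n}@{v}"}
            for n, v in pins
        ],
    }

def scan(bom, feed):
    # Flags a component when its version is older than the first fixed version.
    findings = []
    for c in bom["components"]:
        for vuln in feed:
            if vuln["package"] == c["name"] and parse_version(c["version"]) < parse_version(vuln["fixed_in"]):
                findings.append({"purl": c["purl"], "id": vuln["id"], "fixed_in": vuln["fixed_in"]})
    return findings
```

Running `scan(build_cyclonedx(parse_requirements(REQUIREMENTS_TXT)), VULN_FEED)` flags only urllib3, since pyyaml 5.4.1 is not older than the 5.4 threshold; a real scan report would be produced from CVE data fetched for every component in the SBOM.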