The OSCRAT project is committed to enhancing cybersecurity resilience among European SMEs by developing an open-source, completely free tool that supports compliance with the Cyber Resilience Act (CRA).
Our goal is to equip small and medium-sized European enterprises, policy & decision makers, Digital Innovation Hubs and industrial associations with all the necessary resources to enhance cybersecurity practices in the modern digital landscape.
SBOM Generation: integration into the security pipeline to track the build process, enhance security and reduce the risk of data corruption;
Vulnerability Assessment: we use the Open Vulnerability and Assessment Language (OVAL) to consume publicly accessible security information, covering the operating systems for which public OVAL streams are available;
Incident Response: the OpenSSF OSS-SIRT Special Interest Group guides SMEs on incident management according to international standards and reports incidents to ENISA, EU CyCLONe, and others;
Continuous identification and evaluation of vulnerabilities, with allocation and tracking of corrective measures. This supports resilient compliance management: compliance and risk are built into the development pipeline, compliance and risk-treatment actions are managed, and an overall action-management view tracks the actions raised by all other modules;
Documentation Centralization: OSCRAT will create a centralized repository for digital product documentation, including Conformity Assessment Reports, SBOM reports, Vulnerability Disclosure Policies, Incident Reports, and Certifications of Conformity. This comprehensive approach enhances transparency and facilitates compliance for SMEs;
Self-Assessment and Third-Party Audits: SMEs will be able to perform self-assessments and grant auditors access to the evidence collected by the OSCRAT tools, leading to a conformity certificate.
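The vulnerability-assessment module above relies on public OVAL streams. To show what consuming such a stream actually involves, the following is an added example written for this page; it is not OSCRAT code, and the OVAL document, definition and test identifiers, platform names and CVE numbers in it are constructed placeholders. It parses a minimal OVAL 5.x definitions document, extracts the metadata a compliance tool would index (affected platforms, CVE references) and evaluates each definition's criteria tree (AND/OR/ONE/XOR operators, `negate`, and `extend_definition` references) against a set of test results. Real OVAL evaluators produce a richer result set (true, false, error, unknown, not applicable, not evaluated); this example collapses it to booleans and deliberately raises on an unknown test reference rather than treating it as "not vulnerable".

```python
"""Parse an OVAL 5.x definitions document and evaluate its criteria.

Added illustration for this page; not OSCRAT code. All identifiers,
platforms and CVE numbers below are constructed placeholders.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"oval-def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample in the shape of a public OVAL stream (two definitions).
SAMPLE_OVAL = """
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition id="oval:example.org:def:1" version="1" class="vulnerability">
      <metadata>
        <title>libfoo: placeholder flaw</title>
        <affected family="unix"><platform>Example Linux 12</platform></affected>
        <reference source="CVE" ref_id="CVE-0000-0001" ref_url="https://example.org/CVE-0000-0001"/>
        <description>Constructed sample entry.</description>
      </metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:example.org:tst:1" comment="Example Linux 12 is installed"/>
        <criteria operator="OR">
          <criterion test_ref="oval:example.org:tst:2" comment="libfoo version is less than 1.2"/>
          <criterion test_ref="oval:example.org:tst:3" comment="libfoo-dev version is less than 1.2"/>
        </criteria>
      </criteria>
    </definition>
    <definition id="oval:example.org:def:2" version="1" class="vulnerability">
      <metadata>
        <title>libbar: placeholder flaw</title>
        <affected family="unix">
          <platform>Example Linux 12</platform><platform>Example Linux 13</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-0000-0002" ref_url="https://example.org/CVE-0000-0002"/>
        <description>Constructed sample entry.</description>
      </metadata>
      <criteria operator="AND">
        <extend_definition definition_ref="oval:example.org:def:1" negate="true" comment="def:1 does not apply"/>
        <criterion test_ref="oval:example.org:tst:4" comment="libbar version is less than 2.0"/>
      </criteria>
    </definition>
  </definitions>
</oval_definitions>
"""


@dataclass
class Definition:
    def_id: str
    cls: str
    title: str
    platforms: list
    cves: list
    criteria: ET.Element  # root <criteria> element, evaluated lazily


def load_definitions(xml_text):
    """Index every <definition> by id with the metadata a compliance tool needs."""
    root = ET.fromstring(xml_text)
    defs = {}
    for d in root.findall("oval-def:definitions/oval-def:definition", NS):
        meta = d.find("oval-def:metadata", NS)
        title = meta.findtext("oval-def:title", default="", namespaces=NS)
        platforms = [p.text for p in meta.findall("oval-def:affected/oval-def:platform", NS)]
        cves = [r.get("ref_id") for r in meta.findall("oval-def:reference", NS)
                if r.get("source") == "CVE"]
        defs[d.get("id")] = Definition(d.get("id"), d.get("class"), title,
                                       platforms, cves, d.find("oval-def:criteria", NS))
    return defs


def evaluate(node, defs, test_results):
    """Evaluate a criteria tree. test_results maps test_ref -> bool.

    An unknown test_ref raises KeyError on purpose: a missing result must not
    silently read as 'not vulnerable'.
    """
    tag = node.tag.split("}")[-1]
    if tag == "criterion":
        result = test_results[node.get("test_ref")]
    elif tag == "extend_definition":
        result = evaluate(defs[node.get("definition_ref")].criteria, defs, test_results)
    elif tag == "criteria":
        op = node.get("operator", "AND")
        child = [evaluate(c, defs, test_results) for c in node]
        if op == "AND":
            result = all(child)
        elif op == "OR":
            result = any(child)
        elif op == "ONE":
            result = child.count(True) == 1
        elif op == "XOR":
            result = child.count(True) % 2 == 1
        else:
            raise ValueError(f"unsupported operator {op}")
    else:
        raise ValueError(f"unexpected element {tag}")
    return (not result) if node.get("negate", "false") == "true" else result


def assess(defs, platform, test_results):
    """Return (definition id, CVE list) for vulnerability definitions that list
    `platform` as affected and whose criteria evaluate to true."""
    findings = []
    for d in defs.values():
        if d.cls != "vulnerability" or platform not in d.platforms:
            continue
        if evaluate(d.criteria, defs, test_results):
            findings.append((d.def_id, d.cves))
    return findings


if __name__ == "__main__":
    defs = load_definitions(SAMPLE_OVAL)
    # Constructed test results, as a real evaluator derives them from the host's package database.
    results = {"oval:example.org:tst:1": True, "oval:example.org:tst:2": False,
               "oval:example.org:tst:3": True, "oval:example.org:tst:4": True}
    for def_id, cves in assess(defs, "Example Linux 12", results):
        print(def_id, ", ".join(cves))
```

With the constructed results above, `def:1` is reported (platform test true, one of the two version tests true) and `def:2` is not, because its negated `extend_definition` of `def:1` evaluates to false. Flipping `tst:3` to false reverses both outcomes, which is the behaviour to check when wiring a real stream into a pipeline.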
Co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Industrial, Technology and Research Competence Centre. Neither the European Union nor the granting authority can be held responsible for them. – Project: 101190180