The OSCRAT project is co-funded by the European Union under the Digital Europe Programme (Grant Agreement No: 101190180 — OSCRAT — DIGITAL-ECCC-2024-DEPLOY-CYBER-06).
The aim of the project is to enhance the resilience of European products to cyberattacks by developing an open-source platform that supports compliance with Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements (Cyber Resilience Act, CRA).
The OSCRAT platform will provide a set of tools supporting small and medium-sized enterprises (SMEs) in assessing and implementing the core security requirements of the CRA in order to obtain the EU declaration of conformity required to place products on the European market.
The platform will support CRA compliance through:
- The ability to perform self-assessment based on checklists identifying supplier roles and digital product categories, with tailored question sets and the option to generate an assessment report serving as input for the EU declaration of conformity.
- Manual and automated creation of Software Bill of Materials (SBOM) files, along with their analysis to detect vulnerabilities and ensure supply chain security.
- Provision of tools for creating vulnerability management policies and supporting vulnerability handling processes in accordance with the CRA and ISO standards, including establishing communication channels to report vulnerabilities to the European Union Agency for Cybersecurity (ENISA), ensuring timely and coordinated information sharing.
- Management of security incidents, assessment of incident severity, and reporting of critical incidents to ENISA and Computer Security Incident Response Teams (CSIRTs), enhancing response and mitigation capabilities.
- A central repository for technical and user documentation, SBOM files, conformity assessment reports, vulnerability management policies, incident reports, security patches, certificates, and declarations of conformity.
Łukasiewicz – AI leads the work package “WP2 Requirements Gathering and Analysis”, which will define the scope and requirements for the development of all OSCRAT platform tools. These requirements will be used to design tool models, user interaction methods, graphical user interfaces, and cybersecurity requirement specifications for conformity assessment across all product categories defined in the CRA.
The OSCRAT project includes work packages for the design, development, and testing of platform tools, as well as for promoting the project results, in which Łukasiewicz – AI also actively participates.
The project plans activities to increase engagement with companies to identify their needs and requirements for CRA compliance. These activities include:
- Workshops and training sessions aimed at educating companies on cybersecurity best practices and specific CRA requirements, providing practical guidance for effective use of OSCRAT tools and implementation of tailored cybersecurity measures.
- Demonstrations of OSCRAT use cases for conformity assessment to showcase practical applications of the platform and promote best practices, including real-life scenarios and approaches to achieve CRA compliance.
- Conferences and panel discussions raising awareness and emphasizing the importance of risk and vulnerability analysis.
These activities complement the technical solutions of the OSCRAT project, creating a comprehensive approach to supporting European companies in developing secure and resilient products throughout their entire lifecycle.
PROJECT PARTNERS:
PMF SRL (P.M.F Research), Italy – Project Leader
Oves Enterprise S.R.L., Romania
Enersec Technology S.R.L., Romania
Tsifrov Inovatsionen Hab Trakia (EDIH Trakia), Bulgaria
Łukasiewicz Research Network – Institute of Artificial Intelligence and Cybersecurity, Poland
Unicis.Tech OU, Estonia
PROJECT BUDGET: In the OSCRAT project, the total eligible costs amount to €2,866,118.05, of which the grant amounts to €2,001,634.29. The total value of the project for Łukasiewicz – AI is €434,955.00, including financial resources granted by the Minister of Science and Higher Education in the amount of PLN 824,609.00 from national funds.
Funded by the European Union. The views and opinions expressed are solely those of the author(s) and do not necessarily reflect the views and opinions of the European Union or the European Cybersecurity Competence Centre (ECCC). Neither the European Union nor the ECCC can be held responsible for them.
Project website: https://oscrat.eu/