Everything You Need for CRA Compliance by December 2027
Everything you need to achieve and maintain EU CRA compliance. Explore our comprehensive suite of tools with real-time notifications and team collaboration.
Kunnus is a purpose-built CRA compliance platform designed for manufacturers of products with digital elements. Unlike generic GRC tools, every feature in Kunnus is specifically engineered for the requirements of the EU Cyber Resilience Act — from automated SBOM generation in CycloneDX and SPDX formats, through continuous vulnerability monitoring mapped to your product components, to one-click audit documentation packages. The platform covers the entire compliance lifecycle: product classification according to CRA risk categories, gap analysis against all essential cybersecurity requirements, evidence collection linked to specific controls, and ENISA-ready incident reporting workflows. With Kunnus, what used to take weeks of manual effort can be accomplished in hours — reducing compliance costs by 70% while ensuring nothing is missed.
Product Inventory
Manage your entire product portfolio with hierarchical structure, variants, and versions. Classify products per CRA requirements automatically.
Hierarchical Structure
Organize products into families, variants, and versions with full parent-child relationships.
CRA Classification
Guided wizard to classify products as Default, Class I, Class II, or Critical per CRA requirements.
Bulk Import
Import products via CSV or connect to existing PLM systems for automatic synchronization.
Component Tracking
Track shared components across products to understand vulnerability impact.
Version Control
Maintain version history for audit trails and compliance documentation.
Advanced Search
Filter and search across your entire product portfolio with powerful queries.
Key Benefits
- Complete visibility into your product portfolio
- Automatic CRA classification with guided wizards
- Track component usage across all products
- Maintain audit-ready version history
- Import existing data from PLM systems
Product Hierarchy
SBOM Management
Import, store, and analyze Software Bills of Materials in CycloneDX and SPDX formats. Track component dependencies across products.
Multi-Format Support
Import SBOMs in CycloneDX (JSON/XML) and SPDX (JSON/YAML/RDF) formats.
Dependency Tree
Visualize complete dependency trees with transitive dependency tracking.
Auto-Generation
Connect CI/CD pipelines to automatically generate and update SBOMs.
License Analysis
Identify license obligations and potential conflicts across components.
Export & Share
Export SBOMs in standard formats for customers and regulatory bodies.
Change Alerts
Get notified when component dependencies change or new versions are available.
Key Benefits
- Support for all major SBOM formats
- Automatic vulnerability correlation
- License compliance tracking
- CI/CD integration for continuous updates
- Customer-ready export formats
Component Tree
CycloneDX v1.5Vulnerability Tracking
Detect vulnerabilities automatically, track SLAs, meet CRA Article 14 ENISA notification requirements, and manage risk acceptance workflows.
Auto-Detection
Automatically match SBOM components against NVD, OSV, and GitHub Advisory databases.
SLA Tracking
Track time-to-acknowledge, assess, and remediate with configurable SLA targets per severity.
ENISA Notifications
CRA Article 14 compliant: 24-hour deadline tracking for actively exploited vulnerabilities.
Risk Acceptance
Formal approval workflows for accepting risk with audit trail and expiration tracking.
Impact Analysis
See which products are affected and track per-product remediation strategies.
CVD Management
Manage coordinated vulnerability disclosure with security researchers.
Key Benefits
- CRA Article 14 ENISA notification support
- Configurable SLA targets per severity level
- Formal risk acceptance with approval workflows
- Real-time vulnerability detection from multiple sources
- Per-product impact and remediation tracking
CVE-2024-1234
CriticalCRA Compliance Dashboard
Organization-wide CRA compliance status at a glance. Track every product, identify gaps, and see exactly what needs attention — all in one central dashboard.
Product Compliance Overview
See every product's CRA readiness at a glance with color-coded progress bars and status indicators.
Per-Product Compliance Tracking
Track CRA compliance percentage per product — from 0% to 100% with clear approved/in-progress/pending states.
Vulnerability Severity Overview
Monitor open vulnerabilities across all products broken down by severity: Critical, High, Medium, Low.
SLA Status Monitoring
Track response SLAs for vulnerabilities in real-time: on track, at risk, or breached — so nothing slips through.
KPI Cards
At-a-glance metrics: total products, pending assessments, open vulnerabilities, and open issues.
Next Actions
Prioritized list of next steps: what needs your attention right now to stay on track for CRA compliance.
Key Benefits
- Organization-wide compliance visibility
- Per-product CRA readiness tracking
- Vulnerability severity at a glance
- SLA breach prevention
- Prioritized next-action recommendations
Products
6
total
Assess.
0
0%
Vulns
2
open
Issues
0
open
On Track
At Risk
Breached
Evidence & Reports
Collect and organize compliance evidence. Generate self-assessment reports and keep your team aligned with real-time alerts.
Evidence Repository
Centralized storage for all compliance documents with version control.
Auto-Collection
Connect CI/CD pipelines to automatically collect test results and scan reports.
Report Generation
One-click self-assessment reports (Konformitätserklärung) with templates.
Audit Packages
Export complete audit packages with all evidence and documentation.
Team Notifications
Real-time alerts via email, Slack, and Teams when action is needed.
Audit Trail
Complete history of all changes with who, what, when, and why.
Key Benefits
- Centralized evidence management
- Automated evidence collection
- One-click compliance reports
- Multi-channel team notifications
- Complete audit trail for compliance
Evidence Library
+ UploadVendor & Customer Portal
Assess supplier CRA compliance, publish security advisories, and share product security info through branded portals.
Vendor Assessments
Assess third-party suppliers against CRA requirements with customizable frameworks.
Security Advisories
Publish and manage security advisories for your customers.
Product Security
Display security features and compliance status per product.
Update Portal
Distribute security updates and patches to customers.
Vulnerability Reporting
Accept vulnerability reports from security researchers.
Branded Portals
Customize portals with your branding for vendors and customers.
Key Benefits
- Supplier CRA compliance tracking
- Professional customer communication
- CRA-compliant disclosure process
- Self-service update distribution
- Security researcher engagement