All Features
Compliance Assessment

Structured compliance assessment with STRIDE threat modeling

8 CRA requirements, multi-framework assessments, STRIDE modeling, and automated reports

The Cyber Resilience Act defines comprehensive conformity assessment procedures in Articles 28-51 and Annex VIII. Kunnus covers the entire process: from the CRA Compliance Engine with eight requirements through structured assessments for vendors, components, and products to STRIDE threat modeling -- with automated compliance reports.

8 RequirementsCRA Engine
STRIDEModeling
Multi-FrameworkAssessments
Auto-ReportsCompliance
app.kunnus.tech/dashboard

Products

6

total

Assess.

0

0%

Vulns

2

open

Issues

0

open

Product ComplianceShow all →
SmartLine Pro 1000
100%
SmartLine Pro 2000
65%
SmartLine 3000 ATEX
61%
SmartLine CloudLite
63%
SmartLine 3000
45%

Key Benefits

CRA Compliance Engine -- 8 Requirements

Tracks SBOM, Architecture, Classification, Vulnerability Policy, Security Testing, Incident Response, Secure Development, and Market Documentation. Each requirement with clear status.

Compliance Assessments (Vendor/Component/Product)

Full lifecycle: Not Started, In Progress, Ready, Approved. Risk levels L/M/H/Critical. Configurable criteria, evidence upload, and review dates.

Threat Modeling (STRIDE)

4-step wizard: Template, Assets, Threats, Review. Inherited threats from components. Template library for common scenarios.

Compliance Dashboard & Reports

Risk distribution, approval rate, timeline chart, and critical-issues cards. Automated reports for management and auditors.

Capabilities

CRA Compliance Engine with 8 Requirements

Art. 28-51

Automatically tracks the status of all eight core CRA requirements per product: SBOM, Architecture, Classification, Vulnerability Policy, Security Testing, Incident Response, Secure Development, and Market Documentation.

Assessment Frameworks

Annex VIII

Global read-only and editable organization frameworks. Pre-built: CRA Vendor & Component Security Assessments. Extensible with custom criteria.

STRIDE Threat Modeling

Art. 13(2)

4-step wizard: select template, define assets, identify threats, conduct review. Inherited threats from components are automatically carried over.

Evidence Upload & Review Workflow

Upload evidence directly to each assessment criterion. Review dates ensure timely approvals. Full audit trail.

Automated Compliance Reports

Risk distribution, approval rate, timeline chart, and critical issues at a glance. Export for management reporting and external audits.

Use Cases

01

CRA Conformity Assessment per Annex VIII

A manufacturer uses the CRA Compliance Engine to systematically work through all eight requirements. The dashboard shows real-time progress -- auditors receive a structured evidence trail.

02

Vendor Risk Assessment

Before integrating a third-party component, an assessment is conducted using the pre-built CRA Vendor Security Assessment framework. Risks are identified early.

03

Product-Specific Threat Analysis

For each product, a STRIDE threat model is created. Threats from components are automatically inherited, controls documented, and residual risk status tracked.

Related Features

Product Management

Products form the basis for assessments -- including classification and architecture documentation.

Learn more

Security Controls

Define and map controls to CRA requirements and international frameworks.

Learn more

Vendor Assessment

Assess vendors in a structured way using pre-built CRA assessment frameworks.

Learn more

Structure your CRA conformity assessment

See how Kunnus automates assessments, threat modeling, and compliance reporting. We'll walk you through the workflow in a personalized demo.

View Walkthrough