Cyber Resilience Act (CRA) – User Instructions Checklist

This checklist helps ensure that users are provided with the information necessary to install, operate, maintain, and use products securely throughout their supported lifecycle.

Product Information

• ☐ Product name and version are clearly identified.
• ☐ Product purpose and intended use are documented.
• ☐ System requirements are provided.
• ☐ Supported operating systems and platforms are listed.
• ☐ Product support period is published.

Installation Instructions

• ☐ Installation procedures are documented.
• ☐ Secure installation guidance is provided.
• ☐ Default credentials are changed during setup.
• ☐ Initial security configuration steps are documented.
• ☐ Network and connectivity requirements are explained.

Secure Configuration

• ☐ Security settings are explained.
• ☐ Password requirements are documented.
• ☐ Multi-factor authentication guidance is provided.
• ☐ User access permissions are explained.
• ☐ Recommended security settings are identified.

Safe Use Guidance

• ☐ Users are informed of known security risks.
• ☐ Appropriate use limitations are described.
• ☐ Security best practices are provided.
• ☐ Data protection recommendations are included.
• ☐ Backup and recovery guidance is available.

Security Updates

• ☐ Users are informed how updates are delivered.
• ☐ Instructions for installing updates are provided.
• ☐ Security update notifications are available.
• ☐ Automatic update settings are explained.
• ☐ Update verification procedures are documented.

Vulnerability Reporting

• ☐ Users can report security vulnerabilities.
• ☐ Security contact information is published.
• ☐ Reporting instructions are available.
• ☐ Expected response times are communicated.
• ☐ Vulnerability Disclosure Policy is accessible.

Incident Reporting

• ☐ Users know how to report suspected security incidents.
• ☐ Contact details for urgent security matters are provided.
• ☐ Incident reporting procedures are documented.
• ☐ Required information for incident reports is explained.

Maintenance and Support

• ☐ Product maintenance procedures are documented.
• ☐ Support contact information is available.
• ☐ Support hours and availability are published.
• ☐ End-of-support dates are communicated.
• ☐ Product retirement procedures are explained.

Privacy and Data Protection

• ☐ Data collection practices are described.
• ☐ Privacy information is available.
• ☐ Data storage and retention details are provided.
• ☐ User responsibilities regarding personal data are explained.

Security Contact Information

Security Team:
Email: [email protected]

Vulnerability Reporting:
Email: [email protected]

Support Desk:
Email: [email protected]

User Acknowledgement

Users are encouraged to review security guidance regularly, install updates promptly, report suspected vulnerabilities, and follow recommended security practices to maintain the security and integrity of the product.