アイティアクセス List of Products and Services

One of the important elements of CRA is "SBOM compliance." SBOM stands for "Software Bill of Materials," which is a list that outlines the components that make up the software and the dependencies between those components. This article will clarify the role of SBOM in CRA, organize the relationships corresponding to each CRA clause, and explain the key points to understand in practice. Specifically, it will cover the creation, operation, and provision structure of SBOM, as well as introduce internal training and vendor collaboration.

• Software (middle, driver, security, etc.)

Many IT companies involved in the development of IoT devices and digital products may be wondering whether their products need to comply with the CRA (Cyber Resilience Act). The CRA is a cybersecurity regulation being promoted by the EU, which requires comprehensive measures from product design to update systems. This article will clearly explain the overview of the CRA, the products it applies to, and the measures companies should take.

• Software (middle, driver, security, etc.)

Linux, which is used by many companies, is generally considered to be secure. However, vulnerabilities can arise due to design flaws in the system or operational deficiencies, leading to incidents such as information leaks and service outages. Vulnerabilities refer to security flaws that exist in systems or software. Therefore, early detection and prompt measures are crucial for addressing vulnerabilities. This article will clearly explain the basics of Linux vulnerabilities, actual case studies of damage, and practical countermeasures that can be implemented immediately.

• Software (middle, driver, security, etc.)

Linux is adopted by many systems due to its high stability and flexibility. However, even Linux, which is said to be secure, cannot perfectly respond to modern sophisticated cyber attacks. In reality, Linux is exposed to vulnerabilities and malware threats, and appropriate security measures are necessary. This article comprehensively explains essential points from a security perspective, including vulnerability management, access control, and malware countermeasures for Linux. It also introduces practical methods for operating Linux systems more securely, such as advanced features like SELinux and AppArmor, CVE response operational flows, and leveraging commercial support.

• Software (middle, driver, security, etc.)

The "CRA (Cyber Resilience Act)" set to be implemented in the EU is a new regulation that significantly strengthens the security requirements for IT products. The increase in cyber attacks alongside the proliferation of digital products has become a serious social and economic issue. The implementation of the CRA will have a major impact on Japanese companies dealing with products for the EU, leading to a rapid increase in interest in the CRA within Japan. Many company representatives may be wondering, "Is our product affected?" and "What should we prepare and by when?" This article will explain the overview of the CRA, the implementation schedule, the requirements based on the annexes, the impact on companies, and the specific challenges faced by Japanese companies. Please use this information as knowledge necessary for future responses and to determine the direction of your measures.

• Software (middle, driver, security, etc.)

This introduces the service overview of the American company wolfSSL, which provides security features for embedded devices and IoT devices. The lightweight and fast TLS library "wolfSSL" is compatible with RTOS and embedded Linux, and ensures compatibility with OpenSSL. Additionally, "wolfCrypt" can function as a standalone cryptographic module with FIPS compliance and hardware integration capabilities. "wolfBoot" supports secure boot and OTA updates, and also includes tamper detection features. These products are offered with commercial licenses and technical support, making them effective for industrial applications that require compliance with FIPS and ISO standards.

• Software (middle, driver, security, etc.)

This is an introduction to the OSS risk management system provided by Onward Security. To address the risks of vulnerabilities and license violations as the use of OSS increases, two tools, "SecSAM" and "SecDevice," are presented. SecSAM is a platform that can integrate and manage CVE, CWE, license information, and SBOM, and it also supports SPDX, CycloneDX, and VEX. SecDevice automatically detects vulnerabilities at the binary level through fuzzing and enables centralized risk management in conjunction with SecSAM. This allows for the management of OSS risks throughout the entire lifecycle and contributes to compliance with regulations such as CRA and NIST.

• Software (middle, driver, security, etc.)

Introducing a one-stop solution provided by IT Access for companies struggling to comply with the EU Cyber Resilience Act (CRA). Engineers with 15 to 30 years of experience assist companies that lack understanding of the CRA or find it difficult to determine compliance standards, supporting them from organizing security requirements to modifications and obtaining certifications. We also support the provision and implementation of necessary tools such as wolfSSL's "wolfBoot" and "wolfCrypt," as well as Onward Security's "SecDevice" and "SecSAM." Furthermore, we provide comprehensive support from evaluation in our testing lab to application to the certification body DEKRA. We offer comprehensive assistance for CRA compliance.

• Software (middle, driver, security, etc.)

■Features Media-less storage breaks away from the conventional wisdom that storage silicon equals media, offering a new form of storage. By providing a new storage solution equipped with scalability, safety, and sustainability, we help customers free themselves from storage-related concerns. ■Scalability Media-less storage projects its data to NAS or the cloud, allowing for changes to storage capacity and contents at any time. This liberates customers from worries related to insufficient capacity. ■Safety Media-less storage allows changes to device access rights and the contents of projected media from a web UI, either on-premises or in the cloud. This reduces the risk of data leakage from loss or theft. ■Continuity Media-less storage does not have silicon media as a data storage area. Therefore, it is free from lifespan issues and failures associated with traditional silicon media, such as destruction or defects due to excessive writing.

• Software (middle, driver, security, etc.)

"SPARK Pro" is a toolset that uses a formally verifiable subset of the Ada 2012 language, bringing mathematically-based reliability to software verification. With this product, you can formally define and automatically verify software architecture requirements. It can reduce runtime errors and guarantee properties related to a wide range of software integrity, such as the application of safety properties or security policies, and compliance with functional accuracy (conformance to formally defined specifications). [Features] - Data flow analysis - Information flow analysis - Detection of runtime exceptions - Property checking - Level-based verification *For more details, please refer to the PDF materials or feel free to contact us.

• Software (middle, driver, security, etc.)