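Products
Industry-leading security for evolving IoT threats
Securing the IoT is both a challenge and a critical task. Throughout the product lifecycle, device makers are challenged to protect connected devices against frequently emerging IoT security vulnerabilities. Protecting your products in a connected world is a necessity, as customer data and modern online business models are increasingly targets of costly hacks and corporate brand damage. To stay secure, device makers need a foundational security platform across hardware, software, network, and cloud. We can meet your needs.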
Secure Vault
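Secure Vault™ is a complete suite of industry-leading, advanced security features that addresses escalating Internet of Things (IoT) threats, greatly reducing the risk of IoT ecosystem security breaches and the impact of intellectual property or revenue loss from counterfeiting. Specifically, Secure Vault technology:
- Protects against scalable local and remote software attacks
- Defends against local hardware attacks, which have historically been less common than software attacks but are on the rise as low-cost, readily available attack tools proliferate
- Has been tested by independent third-party labs, which attempt to break the security features within a specified time using sophisticated equipment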
Which security level is right for you?
- High
- Mid
- Base
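Secure Vault - High
Get the highest device security by protecting the communication channel and the device itself against logical and physical attack vectors. In addition to the Vault-Mid features, keys are wrapped using a physically unclonable function (PUF), each device has a private key that uniquely identifies it, and the device has advanced tamper-detection settings that protect it against any form of physical tampering.
Secure Vault - Mid
Provides a high level of security by protecting the communication channel and guarding against logical attack vectors. In addition to the Vault-Base features, the device runs authenticated firmware thanks to a secure boot sequence with Root of Trust and Secure Loader (RTSL). The device also has secure debug, which ensures that only authenticated persons can debug the device. Secure Vault-Mid parts also include TrustZone support*. TrustZone support allows the storage of keys and other application firmware to be protected.
*TrustZone support is currently available on all BLE devices and is planned for release to all other protocol stacks in the near future.
Secure Vault - Base
Provides a good level of security on the device by protecting the communication channel between two devices and encrypting the data flowing through it. Notable features of this tier include secure application boot, a validated crypto engine, and a true random number generator (TRNG).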
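Silicon Labs IoT Product Security
| Features | Series 3 Secure Vault™ | High | Mid | Base |
| --- | --- | --- | --- | --- |
| Security framework | PSA Certified Level 4 | PSA Certified Level 3 | PSA Certified Level 2 | PSA Certified Level 1 |
| True random number generator | ✔ | ✔ | ✔ | ✔ |
| Crypto engine | ✔ | ✔ | ✔ | ✔ |
| Secure application boot | ✔ | ✔ | ✔ | ✔ |
| Secure engine | HSE | HSE | VSE/HSE | — |
| TrustZone | ✔ | ✔ | ✔ | — |
| Secure boot with RTSL | ✔ | ✔ | ✔ | — |
| Secure debug with lock/unlock | ✔ | ✔ | ✔ | — |
| DPA countermeasures | ✔ | ✔ | Select OPNs | — |
| Anti-tamper | ✔ | ✔ | — | — |
| DFA detection | ✔ | — | — | — |
| Authenticated XiP (AXiP) | ✔ | — | — | — |
| Secure attestation | — | ✔ | — | — |
| Secure key management | ✔ | ✔ | — | — |
| Advanced crypto | ✔ | ✔ | — | — |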
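Certifications
At Silicon Labs, security is a core cornerstone of how we design, develop, and deliver wireless technology.
Information security is our top priority and an important part of our day-to-day operations. As the world becomes ever more connected, every device, network, and ecosystem depends on trust to function. We follow industry practices, strive to align with standards, and embed security protections into every layer of our technology architecture to protect data, devices, and the people who use them. With deep engineering expertise, a culture of integrity, and a firm commitment to continuous improvement, we ensure that innovation and security advance together, so that every connection is both smart and secure.
Click here to learn how we uphold the highest security standards through our certified Information Security Management System (ISMS) and a company-wide commitment to security.
Silicon Labs' ISO 27001:2022 Certificate
Our firm commitment to security is demonstrated by our ISO 27001:2022 certification. This certification confirms that our security practices conform to one of the world's most rigorous international standards for information security management. Silicon Labs has been certified to the ISO 27001:2022 standard by TÜV Rheinland of North America.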
CRA
CRA Readiness that is Built on Secure Product Design, Lifecycle Governance, and Coordinated Vulnerability Handling.
Silicon Labs is reviewing and updating our existing products, processes, and supporting documentation to ensure conformance with the European Union Cyber Resilience Act (CRA). Our approach combines secure-by-design development, product security governance, public vulnerability handling, and evidence-backed readiness activities across the product lifecycle.
Our Commitment to the Cyber Resilience Act
The CRA determines horizontal cybersecurity requirements for products with digital elements placed on the EU market. It raises expectations for secure development, vulnerability handling, user information, technical documentation, and lifecycle support.
Silicon Labs will ensure conformance to our applicable CRA obligations for secure product lifecycle controls, documentation, PSIRT operations with coordinated vulnerability handling, and internal practices. These practices have already been in place, based on other security standards, certifications, and/or frameworks.
This page is designed to communicate that readiness while linking visitors to the official regulation text, relevant certification pages, product security resources, and reporting channels.
Why This Matters
Product manufacturers need confidence that their silicon and software suppliers can support secure deployment, vulnerability response, software transparency, and lifecycle maintenance under tightening global regulations.
CRA Milestones
CRA Key Topics
Cyber Risk Assessment
Silicon Labs drives proactive risk assessment activities.
General Requirements
Silicon Labs supports secure end-to-end product design and support.
Information and Instructions to the Users
Silicon Labs provides security guidance to customers.
Technical Documentation
Silicon Labs provides helpful resources.
Reporting Requirements
Silicon Labs provides security vulnerability reports and patches.
See below for more on the CRA Key Topics as well as answers to FAQs.
Silicon Labs Assurance
Alignment with CRA Key Topics
Cyber Risk Assessment
- PSA Certified Level 4: Series 3 Secure Vault establishes a high-assurance hardware root of trust and demonstrates independently validated resistance to sophisticated physical and software attacks. Click here to learn more about this achievement.
- ISO 27001:2022 Certified: Our Information Security Management System supports secure validation and governance across the company, with product security embedded throughout the design, development, and testing processes. View our ISO 27001 Certificate here.
General Requirements
- Secure Design: Hardware designed with security in mind through innovative solutions such as Secure Vault™, and software development that follows industry-recognized secure coding standards and internal guidelines emphasizing code safety.
- Vulnerability Management: A centralized system that tracks potential vulnerabilities and ensures prompt triage, remediation, documentation, and a feedback system that strengthens product resilience.
- Continuous Improvement: Security Testing (threat modeling, fuzz testing, regression testing, and periodic penetration assessments) performed throughout the product lifecycle, not just before release.
Information and Instructions to the Users
- Developer Documentation and Answers to Security Vulnerability FAQs: We provide product security resources (powered with AskAI), user guidance, and training resources to help developers implement secure products and maintain them through deployment. Visit our software documentation site, docs.silabs.com and our Security Vulnerability FAQs.
- Training Resources and Developer Enablement: Silicon Labs provides a broad public training ecosystem to help customers implement secure and compliant products, including Tech Talks, Works With on-demand sessions, webinars, and structured curricula across wireless, security, software, and application domains. Click on each link above to learn more.
Technical Documentation
- Technical Documentation for Series 3: The Series 3 wireless platform page connects customers to product information, technical resources, software documentation, hardware documentation, and development tools. We also offer information on SDK Support Policy, SEMS, and Hardware Longevity Commitment, helping support secure implementation and lifecycle adoption for next-generation IoT designs. Learn more about the Series 3 platform.
- SBOM Generation in Simplicity Studio: Simplicity Studio can automatically generate SBOM artifacts in SPDX and CycloneDX formats for supported SLC projects, helping customers manage dependency visibility and software transparency. Learn more about SBOM Generation.
Reporting Requirements
- PSIRT and Vulnerability Disclosure Program: Silicon Labs operates a public vulnerability reporting channel, disclosure policy, and response targets to support coordinated vulnerability handling throughout the product lifecycle. Read our Vulnerability Disclosure Policy.
- CVE Numbering Authority (CNA) with MITRE: Silicon Labs has been a CNA with MITRE since November 2021. To date, only 201 organizations from 32 countries participate in the CVE Program as CNAs. Browse the list of CVEs issued by Silicon Labs. Silicon Labs will follow the security reporting requirements directed by the EU when its Single Reporting Platform becomes available in September 2026.
- Addressing Security Vulnerabilities: Silicon Labs maintains software updates, including fixes for security vulnerabilities. See SDK Release and Maintenance Policy for more information.
FAQ
This FAQ addresses practical questions about CRA readiness, product lifecycle alignment, documentation, and vulnerability handling.
The CRA is a European Union regulation that establishes cybersecurity requirements for products with digital elements placed on the EU market. It covers areas such as secure development, vulnerability handling, technical documentation, user information, and lifecycle support.
Yes. The CRA applies to several products, including those that have digital elements and/or process digital data and can connect directly or indirectly to another device or network. For many customers, that means the silicon platform, firmware, SDK, and supporting software ecosystem all matter in the overall compliance picture. For more information, visit Cyber Resilience Act - Questions and Answers.
Our current approach includes secure development lifecycle controls, risk and threat analysis, vulnerability handling, security testing, update management, and supporting documentation. For more information, see the Information Security Management System Overview.
Current references include PSA Certified Level 4 for Series 3 Secure Vault, ISO 27001:2022 certification, the public vulnerability disclosure policy and reporting channel, SBOM generation support in Simplicity Studio, Series 3 technical resources, product security pages, and public training content, including Tech Talks, Works With, webinars, and curriculum materials.
The main CRA obligations apply to products placed on the EU market from December 11, 2027 onward. However, there are earlier reporting obligations beginning on September 11, 2026. See the European Commission’s CRA summary for definitions of “placing on the market” and “making available on the market,” as well as the CRA application dates.
Vulnerability handling is a core part of the readiness story. Silicon Labs operates PSIRT processes and public vulnerability disclosure mechanisms, and we are maturing coordinated vulnerability handling, advisory generation, and reporting readiness to support the stricter operational timelines introduced by the CRA.
Silicon Labs currently provides SBOM generation capability in Simplicity Studio for supported projects. SBOMs are an important transparency mechanism under CRA-related discussions because they help identify software components and dependencies used in product builds.
Silicon Labs’ public Product Longevity Commitment and SDK Release and Maintenance Policy help customers understand baseline hardware lifecycle expectations, software maintenance timing, and where extended maintenance options may be available.
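Training
IoT Security Training: Works With 2022
Our IoT security training reviews regulations and trends, and how to secure IoT devices across hardware, software, and more.
IoT security sessions:
- SIOT-101: IoT Security Regulations and How They Drive Innovation
- SIOT-102: Regulations Will Require Security Assurance for IoT Devices
- SIOT-104: Wireless Protocol Stacks Integrated with TrustZone and Secure Vault
- SIOT-201: Applying Security Features to Verify the Authenticity of IoT Products
- SIOT-203: Adopting IoT Device and Security Management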
Resources
Featured IoT Security Resources
White paper
Silicon Labs Blog
Report a Vulnerability
