Hello
does it exist a manual or a checklist of tasks to be performed to secure a B&R PLC for CRA?
For example:
Thank you
Marco Sartori
Well not exactly a checklist but B&R provides system‑hardening guidance, training, and best‑practice documents that map well to the requirements of the EU Cyber Resilience Act (CRA) here
https://www.br-automation.com/en-gb/academy/online-courses/axis-coupling-with-mapp-motion-soc4171/
For OPC UA server you can do things like
Disable anonymous login
Enforce certificate‑based authentication.
Enable encryption (TLS).
Restrict namespaces and exposed variables.
Limit endpoints to required security policies only (e.g., Basic256Sha256).
For FTP you can
Use FTPS (TLS‑secured).
Restrict user accounts and directories.
Disable write access unless strictly necessary.
And for PLC connection you can
Use Secure Remote Maintenance or Automation Studio Secure Connection.
Enforce certificate‑based authentication.
Disable “online change” for unauthorized users.
Restrict programming ports to engineering VLAN only.
thanks Nicolas
is the correct link?
Marco
Woops no, this is the correct link.
Its an online course but I also realized its a paid online course we offer
Unfortunately what will be completely CRA compliant is still in the works so I cant provide much more information for now