This GitHub organisation supports the development of TR-03183 "Cyber Resilience Requirements for Manufacturers and Products", a Technical Guideline of the BSI (the German Federal Office for Information Security) that comprises three parts.
The Technical Guideline BSI TR-03183 supports requirements of the Cyber Resilience Act (CRA).
This Technical Guideline is intended as a collection of information and as guidance on specific aspects of the CRA, particularly for manufacturers who have not yet established proper IT security processes as a regular part of their product development and their products' vulnerability handling.
The CRA entered into force in December 2024; transitional periods are currently running until the CRA's full implementation on 11 December 2027. For further information regarding the CRA, please visit: https://www.bsi.bund.de/dok/cra-en
Part 1 "General Requirements" describes requirements for Manufacturers and Products based on the CRA.
Part 2 "Software Bill of Materials (SBOM)" describes formal and technical requirements for Software Bills of Materials (SBOMs).
Part 3 "Vulnerability Reports and Notifications" describes the handling of vulnerability reports.
For more information on BSI TR-03183, please visit: https://www.bsi.bund.de/dok/TR-03183-en