Ready for the Cyber Resilience Act
Posted to News on 22nd Aug 2025, 13:30

Ready for the Cyber Resilience Act

The Cyber Resilience Act (CRA), which came into force at the end of 2024, presents companies with the challenge of making their digital products comprehensively secure. The Bosch Rexroth operating system ctrlX OS is already well prepared for the requirements of the CRA and shows how manufacturing companies can future-proof themselves with this solution.

Ready for the Cyber Resilience Act

(See Bosch Rexroth at MachineBuilding.Live, 15 October 2025, on stand 182)

The CRA requires manufacturers to design products with digital components in such a way as to ensure a high level of cybersecurity. Firstly, it imposes requirements on the cybersecurity of products with digital elements, and secondly on processes established by manufacturers for dealing with vulnerabilities, in order to ensure cybersecurity during the period of support for products.

In addition to a detailed risk assessment, cyber risks must already be taken into account in product development. The products must be designed to be secure by default and capable of being updated. In addition, the CRA requires that critical security incidents and exploited vulnerabilities are reported within 24 hours and remediated quickly through updates.

"The Cyber Resilience Act sets mandatory cybersecurity requirements for both manufacturers and resellers throughout the product life cycle - for all products that are linked to another device or network. With ctrlX OS we are already well prepared for the requirements of the CRA. Customers can be confident that our products will set them up for the future," explains Steffen Winkler, Senior Vice President Sales Business Unit Automation and Electrification Solutions at Bosch Rexroth.

ctrlX OS is ready for the CRA

The ctrlX OS Linux-based operating system is a key element in the Bosch Rexroth world of automation. ctrlX OS is secure by design and secure by default and certified according to IEC 62443-4-2 Security Level 2 by TUV Rheinland. Data that is saved, transferred or otherwise processed is fully protected. It also provides a platform to quickly and reliably issue and apply security patches without impacting operation.

The operating system with ecosystem is provided for the industrial environment and can thus also be used by other providers on their automation components. Consequently, all devices based on ctrlX OS - whether they're from Bosch Rexroth or third-party vendors - meet very high standards with regard to cybersecurity. For these reasons, ctrlX OS is considered one of the most modern, open, and secure operating systems.

Control system ctrlX CORE provides cybersecurity

One example of a Bosch Rexroth ctrlX OS device is the control system ctrlX CORE, which is designed to be secure as standard. ctrlX CORE ensures a very high level of cybersecurity thanks to secure by default and secure by design and through compliance with international standards. All user access on the devices is subject to strict password rules by default. The level of protection can be increased even more, if necessary.

Functional extensions and vulnerability remediation updates are also regularly provided through a secure channel. Access to device data always requires authentication and authorisation. The control system uses the ctrlX OS certified according to IEC 62443-4-2 and thus complies with the latest cybersecurity standards.

In addition, the control system can be extended with additional security applications from the ctrlX OS Store as required, for example with the Security Scanner, Firewall and VPN Client apps. These support users in meeting the requirements of the CRA for their machines. The Firewall app reduces vulnerabilities to a minimum. The VPN Client ensures secure remote maintenance and protected access to the devices from external networks. Access can be restricted based on the machine status and on-site approval.

As part of the machine acceptance checks at network level, the Security Scanner enables the complete inventory of all components as well as the assessment of the entire machinery's security status. Potential vulnerabilities can therefore be identified and targeted.

Retrofit: the control system also makes existing machines secure

The control system ctrlX CORE provides cybersecurity for both new and existing industrial environments. "To meet the requirements of the CRA and especially in the context of increasing cyber attacks, it is essential to also safeguard existing machines.

"The ctrlX CORE can also be used as a security gateway in automation solutions with third-party hardware and software to make them secure. With the ctrlX CORE, modern cybersecurity functions can also be integrated into older systems. This is a key advantage in the brownfield environment," says Winkler.

Customised security concepts

Bosch Rexroth also supports companies with comprehensive consulting and services in the area of cybersecurity. This includes, for example, carrying out threat analysis and risk assessments, security scans, and training to build IT security skills. Customised cybersecurity concepts are developed and implemented together with the users.

"We are currently consistently aligning all products and services to ensure that companies comply with the regulations and can thus design their systems securely and robustly in the long term - this is the only way for them to be ready for the future," says Winkler.

As one of the world's leading suppliers of drive and control technologies, Bosch Rexroth ensures efficient, powerful and safe movement in machines and systems of any size. The company bundles global application experience in the market segments of Mobile and Industrial Applications as well as Factory Automation.

With its intelligent components, customised system solutions, engineering and services, Bosch Rexroth is creating the necessary environment for fully connected applications. Bosch Rexroth offers its customers hydraulics, electric drive and control technology, gear technology and linear motion and assembly technology, including software and interfaces to the Internet of Things. With locations in over 80 countries, around 33,800 associates generated sales revenue of 7.6 billion euros in 2023.

Want the latest machine building news straight to your inbox? Become a MachineBuilding member for free today >>


Bosch Rexroth UK Ltd

15 Cromwell Road
St Neots
PE19 2ES
UNITED KINGDOM

0345 6044106 (01480223253)

Control Technologies UK Ltd Lenze Ltd Pilz Automation Technology AutomateUK ABSSAC Ltd Mechan Controls Ltd Smartscan Ltd STOBER Drives Ltd Telemecanique Sensors Aerotech Ltd Kawasaki Robotics (UK) Ltd Energy Efficient Drive Systems Ltd Heidenhain GB Ltd Micro Epsilon UK Limited