Compliance

Compliance reporting without the scramble

Generate audit-ready artifacts across SBOM, HBOM, and VEX while keeping vulnerability management in one place.

ARIANNA supports device teams as regulations evolve — from EU CRA to sector-specific requirements.

Evidence on demand

Compile compliance documentation in minutes, not weeks.

Key compliance capabilities

SBOM, HBOM, and VEX exports

Deliver SPDX, CycloneDX, VEX, and CSV artifacts tailored for regulators, customers, and auditors.

Audit-ready evidence trail

Keep full traceability for triage decisions, status changes, and closure rationale to simplify audits and customer reviews.

Regulatory reporting

Maintain a living compliance record for RED, NIS2, and sector-specific cybersecurity programs.

Standards and regulations supported

Automotive

  • ISO/SAE 21434 - Automotive Cybersecurity Standard
  • UNECE WP.29 / R155 & R156 - Cybersecurity and Software Updates Regulations

Industrial Automation

  • IEC 62443 Series - Industrial Automation and Control Systems Security
  • ISA/IEC 62443-4-1 - Secure Product Development Lifecycle

Medical Devices

  • FDA Pre-Market Submissions (510(k), PMA) - Cybersecurity Documentation
  • EU MDR - Medical Device Regulation with cybersecurity expectations
  • IEC TR 60601-4-5 - Security Requirements for Medical Electrical Equipment

Consumer Electronics & IoT

  • ETSI EN 303 645 - Consumer IoT Security Baseline Requirements
  • CRA EN 40000-1-x series
  • RED EN 18031

EU standards

  • The EU Cyber Resilience Act (Regulation (EU) 2024/2847) sets cybersecurity requirements for products with digital elements; it entered into force on 10 December 2024, with main obligations applying from 11 December 2027 (and incident/vulnerability reporting from 11 September 2026).
  • The RED cybersecurity delegated act (Delegated Regulation (EU) 2022/30, amended by (EU) 2023/2444) introduces cybersecurity requirements for in-scope radio equipment and applies from 1 August 2025.

Defense & Aerospace

  • NIST SP 800-53 / RMF - Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST SP 800-161 - Cybersecurity Supply Chain Risk Management Practices
  • DO-326A / ED-202A - Airworthiness Security Process Specification

Energy & Utilities

  • NERC CIP Standards - Critical Infrastructure Protection for Bulk Electric Systems
  • IEC 62443 Series - Security for Industrial Automation and Control Systems
  • NIST Cybersecurity Framework (CSF) - Risk-Based Cybersecurity Management

Transportation & Logistics

  • ISO/SAE 21434 - Road Vehicle Cybersecurity Engineering
  • IEC 62443 Series - Security for Industrial and Transport Control Environments
  • NIST Cybersecurity Framework (CSF) - Cyber Risk Governance and Improvement

Get audit-ready faster

Book a tailored demo to explore compliance workflows for your products.
