NXP EdgeVerse Techcast

CRA Week Day 3: Proving Compliance—Your "Recipe" for EU Cyber Resilience Act Conformance
On Day 3 of CRA Week on the EdgeVerse Techcast, hosts Kyle Dando and Bridgette Stone are joined by NXP expert Carlos Serratos to explain how manufacturers can prove compliance with the EU Cyber Resilience Act (CRA). Carlos connects Risk Assessment and Security by Design to the need to demonstrate cybersecurity conformance. 
Using a baking analogy, he outlines key CRA compliance "ingredients":
 A risk assessment
Vulnerability management policy
Secure development process
Support period policy,
User information
Product class identification
Conformity assessment
Technical documentation
Declaration of Conformity
A CE mark
He then details a step-by-step process to "bake the ingredients": perform risk analysis and select mitigations/components, analyze conformance against CRA essential requirements, verify conformance per applicable standards and product class, collect evidence and draft the declaration, ensure support period and vulnerability management are reflected in the risk assessment and user guidance, apply the CE mark, and retain documentation for 10 years after market placement!
Episode resources:
CRA web guidance
Security process descriptions and certifications
CRA Paradigm Shift Training
NXP's vulnerability management policy
 
00:00 Day 3 Proving Compliance
01:25 Why Compliance Matters
02:52 Risk Assessment Drives Decisions
03:31 Security by Design Lifecycle
03:55 CRA Cake Ingredients
05:46 Step by Step Conformance
07:24 Not Legal Advice Start Now
08:05 NXP Tools and Resources
09:08 Wrap Up and Next Episode

CRA Week: Step 2 Security by Design
Day 2 of CRA Week covers the 2nd major step in CRA Compliance, Security by Design. NXP security expert Marc Vauclair explains that CRA security is about managing risk, and that Security by Design reduces risk compared to adding security later.
The episode outlines the following CRA expectations:
Shipping products in a secure state
Enabling security features by default
Using encryption and data minimization
Minimizing components and unused interfaces to reduce attack surface
Ensuring only trusted software runs at startup 
Marc encourages threat modeling, security into product requirements alongside traditional constraints, and accurate risk assessments. 
Apply what is discussed with a wireless keyboard example. It illustrates threats such as snooping, data injection, and denial-of-service via wireless flooding, and explains decomposing threats into risk factors, asset-centric impact analysis, and using threat intelligence and vulnerability severity to derive project-specific risk levels. At the end threats are mapped to mitigations like authentication to prevent spoofing and cryptographic integrity checks to prevent tampering. 
Marc also highlights NXP technologies that support Security by Design:
Encrypted firmware and key installation
Secure debug/configuration
Remote key provisioning
Memory encryption
Isolation between secure and non-secure areas
Secure connectivity features (origin attestation, secure communication, accelerated networking, remote key management)
Incident detection/response/recovery with measured boot, runtime attestation, cyber resilience recovery, tamper detection, and battery-backed monitoring 
Don't miss this detailed episode to better understand Security by Design for CRA!
Episode Resources:
NXP CRA page: EU Cyber Resilience Act (CRA)
NXP page: Security Certification
00:00 Welcome to CRA Week Day 2
00:48 Meet Marc Vauclair
01:49 What Security by Design Means
02:54 CRA Secure by Default Requirements
04:13 Lifecycle Threat Modeling
06:02 Making It Practical in Development
07:30 Right Sizing Security Effort
09:23 Threat Modeling Keyboard Example
12:13 Risk Assessment Basics and Factors
14:25 NXP Technologies for Security
16:14 Recap and Step 3 Teaser

CRA Week: Step 1 Risk Assessment, Threat Analysis, and Product Classification
In this kickoff episode of CRA Week on the EdgeVerse TechCast, hosts Kyle Dando and Bridgette Stone welcome NXP security evaluation and certification expert Eve Atallah to break down the 1st of 4 major steps in Cyber Resilience Act (CRA) compliance: Risk Assessment and product categorization.
Eve explains that manufacturers must first define a product's purpose and core functionality to determine its CRA product category, applicable standards, and conformity assessment path, then perform a risk assessment tailored to the product's specific conditions of use to identify which essential CRA cybersecurity requirements and security measures apply.
She clarifies the difference between threat analysis (which attacks are possible, including vectors and attacker profiles) and risk assessment (what should not happen, likelihood, impact, and risk acceptability)
To wrap up, Eve explains how classification drives the conformity route: self-assessment for default, guided self-assessment for important Class 1, and mandatory third-party assessment for important Class 2 and critical. She notes that harmonized standards are being finalized to assist manufacturers with assesments.  These standards are xpected before CRA enforcement in 2027.
Episode Resources:
www.nxp.com/CRA
Training: Cyber Resilience Act(CRA) Paradigm Shift
White Paper: Complying with the Cyber Resilience Act (CRA) 
00:00 Welcome to EdgeVerse TechCast + Introducing CRA Week
01:19 Meet the Expert: Eve Atallah & Why Risk Assessment Is Step One
02:29 Step One Foundations: Product Purpose, CRA Categorization & Risk Assessment
03:58 Risk Assessment vs Threat Analysis: What's the Difference?
06:29 Who Does What? Teams, Expertise & Risk Assessment Deliverables
08:00 How to Identify Device-Specific Threats (Assets, Environment, Interfaces)
10:10 CRA Product Classification: Default vs Important (Class 1/2) vs Critical
12:29 Conformity Assessment Paths: Self-Assessment vs Third-Party + Standards
14:22 Recap, Next Steps (Security by Design) & Closing Announcements

Bluetooth 6 Channel Sounding Explained: Centimeter-Level Ranging with MCX W72 & KW47
Rakshit Grover and Manisha Phadke join the EdgeVerse Techcast to discuss how Bluetooth 6 Channel Sounding brings spatial awareness to Bluetooth Low Energy. They explain how Channel Sounding enables accurate, secure distance measurement between an Initiator and Reflector, moving beyond RSSI by combining Phase-Based Ranging (PBR) for accuracy with Round-Trip Time (RTT) for security, achieving centimeter-level ranging. 
The conversation covers key applications such as smart home automation, automotive keyless entry and smart locks, IoT ambient awareness, industrial asset tracking, and improved indoor navigation. NXP platforms enabling Channel Sounding—MCX W72 for industrial IoT/automation and KW47 for automotive—both feature a dedicated Localization Compute Engine (LCE) for faster response and improved power efficiency. Developers are pointed to hands-on resources, including step-by-step videos and an Application Code Hub project using FRDM boards to demonstrate Channel Sounding. 
Resources:
NXP Channel Sounding Demo with KW47 and Oled B Click
ACH Project: Matter Bluetooth Channel Sounding Demo on MCXW72
BLOG: Exploring Bluetooth Channel Sounding on the FRDM-MCXW72 Dev Board
00:00 Introduction and Hosts
00:30 Understanding Bluetooth Channel Sounding
02:24 NXP's Engagement in Bluetooth Low Energy
03:40 Technical Insights into Channel Sounding
05:10 Applications and Benefits of Channel Sounding
07:08 NXP's Solutions for Developers
08:15 Resources and Future Developments
09:58 Conclusion and Summary

Celebrating One Year! The Future of Microcontrollers with Cristiano Costello
Join us for a special episode celebrating one year of the EdgeVerse TechCast! Hosts Kyle and Bridgette welcome Cristiano Costello, a key figure in NXP's MCU strategy and portfolio evolution, to discuss the future of microcontrollers. Cristiano shares insights from his 30-year journey in the industry, reflecting on technological advancements, key milestones, and the exciting future of MCUs. Discover the challenges and innovations shaping the intelligent edge, from AI and low-energy mobile applications to the importance of software openness.
Don't miss this deep dive into the world of MCUs and NXP's vision for what's next!
00:00 Introduction and Anniversary Celebration
00:39 Meet Cristiano Costello
01:40 Cristiano's Journey in Microcontrollers
03:32 Evolution of Microcontrollers
05:42 Exciting Advancements in MCUs
07:38 NXP's Unique Position in the Market
09:03 Future of Microcontrollers
11:43 Closing Remarks and Reflections