Setting Up for Success: Secure Software Installation & Use

Just shipping secure software isn't enough; your users need to know how to install and use it securely from day one and throughout its life. The Cyber Resilience Act emphasizes providing clear instructions for this (Annex II, point 8a).

Guiding Your Users

For your software products (games, apps, libraries, engines), you must provide detailed instructions or a link to them, covering:

  • Initial Secure Commissioning:
    • How should users install the software securely?
    • Are there specific settings they need to configure during setup for optimal security (e.g., creating strong, unique passwords if your app requires accounts, setting up multi-factor authentication)?
    • What are the recommended secure default configurations?
  • Secure Use Throughout Lifetime:
    • What ongoing practices should users follow to maintain security? (e.g., guidance on managing permissions for an app, advice on avoiding phishing scams related to your software, recommendations for secure data backup if applicable).
    • Information on recognizing and responding to potential security prompts or warnings from the software.

Practical Examples

  • For a game: Instructions might include advice on creating strong account credentials and being wary of third-party cheat tools that could compromise security.
  • For a productivity app: Guidance on secure data handling, encryption options, and regular review of access permissions.
  • For a software library: Detailed instructions for developers on how to integrate and configure it securely within their own applications.

Key Takeaway

Provide clear, actionable instructions on how to securely install, configure, and use your software throughout its lifecycle. This is a mandate under Annex II, point 8a, aimed at empowering users to protect themselves.