NI provides these resources to help your team meet the requirements of the European CRA. To meet the security requirements of the European CRA, test teams must adopt secure development processes and use secure components in their systems. NI products provide the security features, documentation, training, and support to help your team develop secure systems that meet the CRA requirements.
LOVs provide a list of volatile and non-volatile memory locations, with instructions for clearing those memory locations. NI provides LOVs for most NI hardware products. LOVs are available with product documents at ni.com/docs, or at ni.com/letters-of-volatility.
SBOMs provide a complete list of software installed with and used by a software application. An SBOM gives an end user a single document to understand the components used in the software. This list can accelerate system checks when a vulnerability is discovered so that a reaction plan can be put into effect as fast as possible.
If you are interested in learning more about the process NI uses to produce software SBOMs, please contact security@ni.com.
Free (Libre) Open Source Software (FOSS or FLOSS) may impose certain usage or license restrictions on end users. NI software may contain open source software, and NI works to comply with all of the license terms of that software. Copies of software licenses (open source and non-open source) are available after installation in the \Program Files (x86)\National Instruments\_Legal Information\ folder. NI's SBOMs can also be used to track license information.
Software developers may need to perform static code analysis to identify vulnerable components and non-secure coding practices. Many static code analysis tools are available on the market for text-based tools. However, LabVIEW's graphical programming environment presents a unique challenge for these tools.
To meet this need for a tool compatible with LabVIEW, some developers use VI Analyzer included with LabVIEW. VI Analyzer scans for code quality practices, not security issues. But these are tightly linked and VI Analyzer can help identify code issues that make a LabVIEW VI less secure.
For a more complete static analysis tool, JKI makes a full-feature static analysis tool called J-Crawler. This tool can generate a full SBOM including code components added by the LabVIEW developer, and looks for most common code issues that make LabVIEW code less secure. For more information on J-Crawler visit http://jki.net
NI provides guidance to help customer configure products to improve the security features of the products. Follow these links for documents to help you use NI products in the most secure way possible:
LabVIEW Secure Configuration Guide: LabVIEW Secure Configuration Guide - NI Community
LabVIEW Secure Code Development Guide: LabVIEW Secure Development Guide - NI Community