The Cyber Resilience Act (CRA) is already changing how embedded products need to be designed, maintained and supported. For hardware teams, especially smaller original equipment manufacturers (OEMs), the real problem is not understanding that security matters. It is figuring out how to build security into the product lifecycle without creating a huge internal compliance and tooling burden. Digi ConnectCore 95 is being positioned as a way to reduce that gap by combining secure hardware, embedded Linux support, cloud services and vulnerability management into one platform.
Why the CRA now matters to embedded teams
The CRA introduces mandatory cybersecurity requirements for products with digital elements across planning, design, development and maintenance. It also puts focus on how manufacturers handle vulnerabilities throughout the product lifecycle. The regulation entered into force on 10 December 2024. Its main obligations apply from 11 December 2027, while Article 14 reporting obligations start earlier on 11 September 2026. That timing matters because engineering teams need working security processes well before full enforcement arrives.
For a large organisation, that might mean building dedicated security workflows, software bill of materials generation, vulnerability monitoring, and fleet update infrastructure in-house. For a smaller team, that is much harder. This is the gap Digi and NXP are trying to address with Digi ConnectCore 95 and the underlying i.MX 95 silicon platform.
What Digi is bringing to the table
Digi’s pitch starts with Digi TrustFence. On the ConnectCore 95 family, Digi lists features including secure boot, filesystem encryption, tamper detection, secure JTAG, secure console, secure build environments and secure firmware updates. That gives developers a stronger default starting point for protecting devices before they ever leave the bench.
But the more interesting part is what Digi adds after deployment. Digi ConnectCore Security Services monitor a custom software bill of materials (SBOM) and binary image for vulnerabilities. Digi says the service includes curated vulnerability reports, pre-integrated security patches for Digi Embedded Yocto, extra diagnostics, and consulting support. In other words, it is not just a one-off feature tick box. It is a support layer for keeping the product secure over time.
Digi also wraps the platform with ConnectCore Cloud Services. The development kit listing highlights remote monitoring, device management and secure cloud integration. In the context of CRA pressure, that matters because a patching strategy only works if you can actually see deployed devices, group them, and push updates at scale. Digi ConnectCore 95 is strongest when viewed as that full stack rather than as a standalone module.
What NXP adds inside the silicon
Under the hood, the platform is based on NXP’s i.MX 95 family. NXP documents EdgeLock Secure Enclave as a core security feature, supporting secure boot, cryptography, trust provisioning and run-time attestation. The wider processor family also includes Arm TrustZone, secure and trusted access control, and support for industrial and edge-focused deployments.
That matters because it shifts part of the security model into hardware. Rather than relying only on software separation, developers can build on a processor family designed to isolate and protect critical functions more deeply. For companies shipping long-life connected systems, that hardware root gives the upper layers more credibility.
Why this combination makes sense
The partnership logic is fairly simple. NXP brings secure silicon and a modern applications processor platform. Digi turns that into a more complete original equipment manufacturer platform with a module, development kit, embedded Linux, device management, and ongoing security tooling. That is useful because most customers do not just need a chip. They need a route to shipping, updating and maintaining a product.
For evaluation, Digi publicly lists the CC-WMX95-KIT development kit. It includes the ConnectCore 95 development board, a wireless system-on-module, a one-year cloud services premium licence, and a security services trial account. For teams assessing how to build more secure connected products without assembling every piece themselves, Digi ConnectCore95 looks like a practical place to start.
Comments are closed.
Comments
No comments yet