For industrial automation and control systems, IEC 62443 has been the gold standard for developing secure products. However, new regulations for cybersecurity are coming in the form of the European Cybersecurity Resilience Act (CRA). Meeting IEC 62443 requirements does not guarantee compliance with CRA, but it get’s you most of the way there. This talk will focus on what you need to do to build on IEC 62443 compliance to achieve CRA compliance. In addition, an approach will be discussed for products that have not yet achieved IEC 62443 compliance.