What is CYRA?
CYRA (Cyber Resilience Assessment) is a Dutch maturity and certification method managed by the CCV (Centrum voor Criminaliteitspreventie en Veiligheid). It is designed for SMEs and growing organisations that need a structured, achievable path to cyber resilience.
It assesses maturity across IT security, privacy and supply-chain responsibility, with an optional OT module, building on the NIST CSF functions. It is an ideal on-ramp toward NIS2 and ISO 27001.
The CYRA domains
Govern, Identify, Protect
Detect, Respond, Recover
Privacy & Supply chain
OT (optional)
CYRA with ResiPlan
ResiPlan includes the CYRA measure catalogue and runs a 0–4 maturity GAP analysis with evidence and an exportable report.
Cross-mapping links CYRA to ISO 27001 and NIS2 — rate ISO 27001 once and the equivalent CYRA measures fill in automatically, so your CYRA assessment is a head start, not extra work.
Frequently asked questions
What is CYRA?
CYRA (Cyber Resilience Assessment) is a Dutch cyber-resilience maturity and certification method for SMEs, managed by the CCV since January 2025.
Is CYRA the same as the Cyber Resilience Act (CRA)?
No. CYRA is a Dutch maturity assessment method; the CRA is a separate EU regulation on the security of products with digital elements.
Does CYRA help with NIS2?
Yes — CYRA is built on the NIST CSF functions and maps to NIS2 and ISO 27001, making it a practical first step toward those obligations.
Can I assess CYRA and ISO 27001 together?
Yes. In ResiPlan you cover both in one assessment: rating ISO 27001 controls auto-fills the equivalent CYRA measures through cross-mapping.