" " indicates required fields
The new capability is designed to give organizations the tools and automation they need to meet regulatory requirements quickly, confidently, and without slowing innovation
Jerusalem, Israel, September 17, 2025 – C2A Security, the only context-driven product security orchestration platform that addresses the specific needs of software-defined products and cyber-physical systems, today announced the availability of Q2.2025 Software Update of its industry-first DevSecOps product security platform, including a dedicated compliance solution for the newly issued U.S. Department of Commerce (DoC) Rule under 15 C.F.R. Part 791D. This regulation prohibits certain transactions involving Vehicle Connectivity System (VCS) hardware and covered software originating from restricted regions, specifically China, the Hong Kong Special Administrative Region, the Macau Special Administrative Region, and Russia.
The Q2.2025 software release of the EVSec Platform also introduces two new modules: Threat Intelligence which was announced a few months ago, and the Compliance Center. The new release expands on the BOM & Vulnerability Management, threat analysis, and risk assessment capabilities, includes UI & UX improvements, and streamlines integration with the BI & Reports module.
As the automotive and mobility industries accelerate toward connected, software-defined vehicles, the integrity and transparency of the software supply chain have never been more critical. The new DoC rule reflects growing geopolitical and security concerns over foreign-sourced technologies embedded in connected vehicle ecosystems. For organizations building, supplying, or integrating VCS technologies, compliance is now a matter of both operational continuity and market access.
The DoC’s 791D regulation (download a complimentary 1-pager) introduces stringent requirements for identifying, assessing, and managing software and hardware components based on their geographic origin. Failure to comply can result in penalties, disrupted operations, and reputational damage.
“Rule 791D is more than a regulatory change, it’s a shift in how organizations must think about their technology supply chain,” said David Mor-Ofek, head of product, C2A Security. “It’s no longer enough to know what you’re using; you must know where it’s from, prove it, and continuously monitor it. That’s exactly what our platform enables.”
The new Compliance Center module automates validation and reporting against cybersecurity regulations using EVSec data, AutoSynth AI automation, and flexible templates, serveing as a comprehensive compliance hub for each project. The new module offers a centralized page where teams can manage, track, and demonstrate adherence to relevant cybersecurity and regulatory standards, such as ISO 21434, US DoC 791D, UN R155, GB Standards, ISA/IEC 62443, and more. Organizations can also define and maintain custom compliance frameworks, tailoring them to their policies or project-specific needs.
EVSec Platform provides a dedicated framework for continuous assessment and automated tracking of both software and hardware components across the supply chain, continuously tracking compliance coverage and process status, offering real-time visibility into how each project progresses toward complete regulatory alignment.
Key capabilities include:
Compliance is not a one-time activity. Even after a Declaration of Conformity is filed, ongoing vigilance is required to ensure that later updates, patches, or supplier changes do not inadvertently introduce restricted-origin components.
With EVSec Platform:
By integrating the Compliance Center into the development process, customers can:
The introduction of Rule 791D underscores a larger industry challenge: securing the global software supply chain in an era of increasing geopolitical tension and cyber risk. Connected vehicle systems – from infotainment to advanced driver assistance, are highly dependent on complex network of suppliers and open-source vendors.
Without robust visibility and control, organizations face both regulatory non-compliance and elevated cybersecurity exposure. EVSec Platform closes this gap by unifying supply chain intelligence, compliance workflows, and continuous monitoring in a single solution.
“This is about more than passing an audit,” added David Mor Ofek. “It’s about ensuring that every line of code and every hardware component in your connected vehicle ecosystem meets both your performance and security standards, and that you can prove it at any moment.”
The new regulatory coverage for US DoC 791D is available immediately to EVSec customers as part of the Q2.2025 software release. Your account executive will contact you to schedule a dedicated training session.
CRO
C2A Security
VP and GM, Medical Technology
C2A Security
Ken Zalevsky brings over 20 years of medical device cybersecurity experience to his role at C2A Security, where he serves as VP and GM, Medical Technology, following the acquisition of Vigilant Ops in October 2025. A former Bayer executive, Ken founded Vigilant Ops in 2019 after witnessing the consequences of inadequate technical preparation in the healthcare industry. He is an active contributor to CISA’s SBOM working groups and a frequent speaker on software supply chain security. Ken’s mission: transform SBOM from a compliance checkbox into operational intelligence that keeps patients safe while streamlining regulatory processes.