Commit 3ea4b64

Add a link to CRA course
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
1 parent 4b6a7b0 commit 3ea4b64

1 file changed

+2
-0
lines changed

docs/lfd121.md

Lines changed: 2 additions & 0 deletions
@@ -375,6 +375,8 @@ To create software, you need to know what you want it to do. Requirements are si
375375

376376
In some cases, software must comply with special laws or regulations. This is especially true in areas where vulnerabilities are more likely to lead to significant harm (such as medical, financial, and military systems). This also arises if you are planning to sell software, or a system with software, in many different legal jurisdictions (so there may be many laws or regulations that apply). Examples include the European Cyber Resilience Act (CRA), the European General Data Protection Regulation (GDPR), the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) for health-related data, and so on. Again, for our purposes these are all requirements.
377377

378+
The CRA, in particular, is important because it widely impacts software development. Most software commercially distributed in the European Union (EU), regardless of its origin or purpose, is subject to it. After you complete this course we encourage you to take our course [Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)](https://training.linuxfoundation.org/express-learning/understanding-the-eu-cyber-resilience-act-cra-lfel1001/) so you will better understand the CRA.
379+
378380
You may also be subject to some organizational security policy. These are the internal rules defined by your organization to manage security risks. They often translate high-level legal requirements into specific technical rules you must follow. If they apply to you, make sure you understand them! Organizational security policies often cover issues such as:
379381

380382
* Data Classification: Defining which data is public, internal, or restricted, including Personally Identifiable Information (PII).
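
Review bot: The scope claim in the added paragraph (new line 378) is internally uneven: "Most software commercially distributed in the European Union (EU), regardless of its origin or purpose, is subject to it" hedges with "Most" and then states "regardless of its origin or purpose" without qualification, so a reader can take it to mean purpose never affects applicability. Consider rewording so the sentence is no stronger than intended, for example by dropping "or purpose" or by saying the linked course covers which software is in scope. Two smaller points: add a comma after "After you complete this course", and the abbreviation "(EU)" is defined here but not used again in the visible context, while the preceding paragraph says "European" for both the CRA and GDPR, so either use "EU" consistently or drop the parenthetical.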
