The ISO/SAE 21434 standard covers every stage of a vehicle's cybersecurity lifecycle, from concept and design through decommissioning, including the implementation of cybersecurity safeguards across the supply chain.
Although ISO/SAE 21434 is a relatively new standard, it already defines clear milestones that organizations can use to pave the way toward full compliance.
We can divide the standard into four major requirements:
- Risk assessment and management: organizations must identify, assess, and manage cybersecurity risks, and create a plan for responding to cybersecurity incidents.
- Security controls: organizations must implement risk mitigations such as authentication, integrity protection, and similar measures.
- Information sharing obligates manufacturers to share information with suppliers, customers, and other stakeholders.
- Mitigation strategies minimize the impact of incidents on vehicle systems.
These requirements map onto the standard's 15 clauses and its annexes. The clauses, read as milestones, are listed below:
- Sections 1-4: General topics such as scope, normative references, terms and abbreviations, and general considerations including the vehicle cybersecurity ecosystem.
- Section 5: Organizational cybersecurity management: cybersecurity governance, cybersecurity culture, policies, and strategies.
- Section 6: Project-dependent cybersecurity management: cybersecurity planning for an item, tailoring of activities, and the cybersecurity case and assessment that support release.
- Section 7: Distributed cybersecurity activities: distributing responsibilities to suppliers and sub-suppliers, governed by Cybersecurity Interface Agreements (CIAs) for development.
- Section 8: Continual cybersecurity activities: cybersecurity monitoring, event evaluation, vulnerability analysis, and vulnerability management throughout the vehicle lifecycle.
- Section 9: The concept phase: defining the item, determining its cybersecurity risks, defining cybersecurity goals, and developing the cybersecurity concept.
- Sections 10-11: Product development and cybersecurity validation: design, integration, verification, and validation of cybersecurity for all items at the ECU level and at the vehicle level.
- Sections 12-14: Post-development processes: production (manufacturing and assembly), operations and maintenance (incident response and updates), and cybersecurity considerations for end of cybersecurity support and decommissioning of an item or component.
- Section 15: Modular methods for Threat Analysis and Risk Assessment (TARA), covering asset identification, threat scenario identification, impact rating, attack path analysis, attack feasibility rating, risk value determination, and risk treatment decision; these provide the input to the concept phase in Section 9.
Which of these milestones has your organization reached so far?
If you want to know how to automate the ISO 21434 process, please email us at: [email protected], and we will schedule a short call to discuss your cybersecurity needs.