Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434

Bibliographic details
Format: Book
Language: English
Published: Geneva ISO/SAE International 2020
Online access: Table of contents

MARC

LEADER 00000nam a2200000 c 4500
001 BV046697046
003 DE-604
005 20221130
007 t|
008 200428s2020 xx u||| 00||| eng d
024 8 |a ISO/SAE DIS 21434 
035 |a (OCoLC)1153990963 
035 |a (DE-599)BVBBV046697046 
040 |a DE-604  |b ger  |e rda 
041 0 |a eng 
049 |a DE-739  |a DE-1050 
084 |a ZG 9175  |0 (DE-625)156043:  |2 rvk 
084 |a ZO 4250  |0 (DE-625)157719:  |2 rvk 
245 1 0 |a Road vehicles - cybersecurity engineering  |b draft international standard ISO/SAE DIS 21434 
264 1 |a Geneva  |b ISO/SAE International  |c 2020 
300 |a 108 Seiten 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
650 0 7 |a Straßenfahrzeug  |0 (DE-588)4137755-2  |2 gnd  |9 rswk-swf 
655 7 |0 (DE-588)4419668-4  |a Norm  |2 gnd-content 
689 0 0 |a Straßenfahrzeug  |0 (DE-588)4137755-2  |D s 
689 0 |5 DE-604 
710 2 |a Internationale Organisation für Normung  |e Sonstige  |0 (DE-588)1008314-5  |4 oth 
856 4 2 |m Digitalisierung UB Passau - ADAM Catalogue Enrichment  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032107686&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
943 1 |a oai:aleph.bib-bvb.de:BVB01-032107686 

Record in the search index

_version_ 1819583656343109632
adam_text ISO/SAE DIS 21434:2020(E) ISO/SAE INTERNATIONAL ISO/SAE 21434 DRAFT Page 2 of 108
CONTENTS
1. SCOPE
2. NORMATIVE REFERENCES
3. TERMS AND ABBREVIATIONS
  3.1 Terms and Definitions
  3.2 Abbreviated Terms
4. GENERAL CONSIDERATIONS
5. OVERALL CYBERSECURITY MANAGEMENT
  5.1 General
  5.2 Objectives
  5.3 Inputs
    5.3.1 Prerequisites
    5.3.2 Further Supporting Information
  5.4 Requirements and Recommendations
    5.4.1 Cybersecurity Governance
    5.4.2 Cybersecurity Culture
    5.4.3 Cybersecurity Risk Management
    5.4.4 Organizational Cybersecurity Audit
    5.4.5 Information Sharing
    5.4.6 Management Systems
    5.4.7 Tool Management
    5.4.8 Information Security Management
  5.5 Work Products
6. PROJECT DEPENDENT CYBERSECURITY MANAGEMENT
  6.1 General
  6.2 Objectives
  6.3 Inputs
    6.3.1 Prerequisites
    6.3.2 Further Supporting Information
  6.4 Requirements and Recommendations
    6.4.1 Cybersecurity Responsibilities and Their Assignment
    6.4.2 Cybersecurity Planning
    6.4.3 Tailoring of the Cybersecurity Activities
    6.4.4 Reuse
    6.4.5 Component Out of Context
    6.4.6 Off-the-Shelf Component
    6.4.7 Cybersecurity Case
    6.4.8 Cybersecurity Assessment
    6.4.9 Release for Post-Development
  6.5 Work Products
7. CONTINUOUS CYBERSECURITY ACTIVITIES
  7.1 General
  7.2 Objectives
  7.3 Cybersecurity Monitoring
    7.3.1 Inputs
    7.3.2 Requirements and Recommendations
    7.3.3 Work Products
  7.4 Cybersecurity Event Assessment
    7.4.1 Inputs
    7.4.2 Requirements and Recommendations
    7.4.3 Work Products
  7.5 Vulnerability Analysis
    7.5.1 Inputs
    7.5.2 Requirements and Recommendations
    7.5.3 Work Products
  7.6 Vulnerability Management
    7.6.1 Inputs
    7.6.2 Requirements and Recommendations
    7.6.3 Work Products
8. RISK ASSESSMENT METHODS
  8.1 General
  8.2 Objectives
  8.3 Asset Identification
    8.3.1 Inputs
    8.3.2 Requirements and Recommendations
    8.3.3 Work Products
  8.4 Threat Scenario Identification
    8.4.1 Inputs
    8.4.2 Requirements and Recommendations
    8.4.3 Work Products
  8.5 Impact Rating
    8.5.1 Inputs
    8.5.2 Requirements and Recommendations
    8.5.3 Work Products
  8.6 Attack Path Analysis
    8.6.1 Inputs
    8.6.2 Requirements and Recommendations
    8.6.3 Work Products
  8.7 Attack Feasibility Rating
    8.7.1 Inputs
    8.7.2 Requirements and Recommendations
    8.7.3 Work Products
  8.8 Risk Determination
    8.8.1 Inputs
    8.8.2 Requirements and Recommendations
    8.8.3 Work Products
  8.9 Risk Treatment Decision
    8.9.1 Inputs
    8.9.2 Requirements and Recommendations
    8.9.3 Work Products
9. CONCEPT PHASE
  9.1 General
  9.2 Objectives
  9.3 Item Definition
    9.3.1 Inputs
    9.3.2 Requirements and Recommendations
    9.3.3 Work Products
  9.4 Cybersecurity Goals
    9.4.1 Inputs
    9.4.2 Requirements and Recommendations
    9.4.3 Work Products
  9.5 Cybersecurity Concept
    9.5.1 Inputs
    9.5.2 Requirements and Recommendations
    9.5.3 Work Products
10. PRODUCT DEVELOPMENT
  10.1 General
  10.2 Objectives
  10.3 Inputs
    10.3.1 Prerequisites
    10.3.2 Further Supporting Information
  10.4 Requirements and Recommendations
    10.4.1 Refinement of Cybersecurity Requirements and Architectural Design
    10.4.2 Integration and Verification
    10.4.3 Specific Requirements for Software Development
  10.5 Work Products
11. CYBERSECURITY VALIDATION
  11.1 General
  11.2 Objectives
  11.3 Inputs
    11.3.1 Prerequisites
    11.3.2 Further Supporting Information
  11.4 Requirements and Recommendations
  11.5 Work Products
12. PRODUCTION
  12.1 General
  12.2 Objectives
  12.3 Inputs
    12.3.1 Prerequisites
    12.3.2 Further Supporting Information
  12.4 Requirements and Recommendations
  12.5 Work Products
13. OPERATIONS AND MAINTENANCE
  13.1 General
  13.2 Objectives
  13.3 Cybersecurity Incident Response
    13.3.1 Inputs
    13.3.2 Requirements and Recommendations
    13.3.3 Work Products
  13.4 Updates
    13.4.1 Inputs
    13.4.2 Requirements and Recommendations
    13.4.3 Work Products
14. DECOMMISSIONING
  14.1 General
  14.2 Objectives
  14.3 Inputs
    14.3.1 Prerequisites
    14.3.2 Further Supporting Information
  14.4 Requirements and Recommendations
  14.5 Work Products
15. DISTRIBUTED CYBERSECURITY ACTIVITIES
  15.1 General
  15.2 Objectives
  15.3 Inputs
    15.3.1 Prerequisites
    15.3.2 Further Supporting Information
  15.4 Requirements and Recommendations
    15.4.1 Demonstration and Evaluation of Supplier Capability
    15.4.2 Request for Quotation
    15.4.3 Alignment of Responsibilities
  15.5 Work Products
ANNEX A (INFORMATIVE) SUMMARY OF CYBERSECURITY ACTIVITIES AND WORK PRODUCTS
ANNEX B (INFORMATIVE) EXAMPLES OF CYBERSECURITY CULTURE
ANNEX C (INFORMATIVE) CYBERSECURITY INTERFACE AGREEMENT TEMPLATE EXAMPLE
ANNEX D (INFORMATIVE) CYBERSECURITY RELEVANCE: EXAMPLE METHOD AND CRITERIA
ANNEX E (INFORMATIVE) CYBERSECURITY ASSURANCE LEVELS
ANNEX F (INFORMATIVE) VERIFICATION AND VALIDATION
ANNEX G (INFORMATIVE) EXAMPLE USE CASE AND WORK PRODUCTS: HEADLAMP SYSTEM
ANNEX H (INFORMATIVE) IMPACT RATING FOR SAFETY, FINANCIAL, OPERATIONAL AND PRIVACY DAMAGE
ANNEX I (INFORMATIVE) GUIDELINES FOR DETERMINING ATTACK FEASIBILITY RATING
ANNEX J (INFORMATIVE) MATRICES FOR RISK DETERMINATION
© ISO/SAE International 2020 - All rights reserved
any_adam_object 1
building Verbundindex
bvnumber BV046697046
classification_rvk ZG 9175
ZO 4250
ctrlnum (OCoLC)1153990963
(DE-599)BVBBV046697046
discipline Technik
Verkehr / Transport
format Book
genre (DE-588)4419668-4 Norm gnd-content
genre_facet Norm
id DE-604.BV046697046
illustrated Not Illustrated
indexdate 2024-12-24T08:11:52Z
institution BVB
institution_GND (DE-588)1008314-5
language English
oai_aleph_id oai:aleph.bib-bvb.de:BVB01-032107686
oclc_num 1153990963
open_access_boolean
owner DE-739
DE-1050
owner_facet DE-739
DE-1050
physical 108 Seiten
publishDate 2020
publishDateSearch 2020
publishDateSort 2020
publisher ISO/SAE International
record_format marc
spellingShingle Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
Straßenfahrzeug (DE-588)4137755-2 gnd
subject_GND (DE-588)4137755-2
(DE-588)4419668-4
title Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_auth Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_exact_search Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_full Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_fullStr Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_full_unstemmed Road vehicles - cybersecurity engineering draft international standard ISO/SAE DIS 21434
title_short Road vehicles - cybersecurity engineering
title_sort road vehicles cybersecurity engineering draft international standard iso sae dis 21434
title_sub draft international standard ISO/SAE DIS 21434
topic Straßenfahrzeug (DE-588)4137755-2 gnd
topic_facet Straßenfahrzeug
Norm
url http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=032107686&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv AT internationaleorganisationfurnormung roadvehiclescybersecurityengineeringdraftinternationalstandardisosaedis21434