UNR155信息安全法规英文原版_汽车上市认证法规资源-CSDN文库

需积分: 5 176 浏览量 2023-09-26 13:51:29 上传评论 1 收藏 453KB PDF 举报

《联合国法规UN R155 信息安全》是针对车载网络安全及网络安全管理体系的统一规定，旨在为全球汽车行业的安全标准提供一致性。此法规于2021年1月22日作为1958年协议的附件正式生效。该文档作为纯粹的资料工具，其法律约束力的正式文本为ECE/TRANS/WP.29/2020/79，后续经过ECE/TRANS/WP.29/2020/94和ECE/TRANS/WP.29/2020/97的修订。 UN R155法规的主要内容包括以下几个方面： 1. **适用范围**：法规明确了适用于各类轮式车辆的网络安全和网络安全管理体系的认证要求。这表明无论是乘用车、商用车还是特种车辆，都需符合这些标准，确保在设计、制造和使用过程中能有效保护车辆的电子系统免受潜在的网络攻击。 2. **定义**：法规首先定义了关键术语，如“网络安全”、“网络安全管理体系”等，以便在执行和评估时有一个共同的理解。这些定义将涵盖与车辆电子控制单元（ECU）、通信模块和软件相关的安全性问题。 3. **申请批准**：制造商必须按照法规的规定提交申请，以获得其车辆在网络安全方面的认可。这通常包括详细的安全评估、风险分析以及如何通过管理机制来持续监控和改进网络安全的方案。 4. **技术要求**：UN R155详细规定了车辆应具备的技术特性，如数据保护、访问控制、故障检测和应对措施等，以确保车辆在网络攻击面前具有足够的防护能力。同时，它还要求制造商实施有效的网络安全管理系统，监测潜在威胁，并能够迅速响应安全事件。 5. **测试与验证**：法规要求进行一系列的测试，以验证车辆的网络安全性能。这可能包括模拟攻击测试、漏洞评估以及对网络安全措施效果的评估，以确保车辆在整个生命周期内都能保持安全状态。 6. **符合性评估**：制造商需提供证据证明其产品符合UN R155的规定，这可能涉及第三方机构的评估和认证。通过这种相互承认的批准机制，各国可以接受其他成员国依据此法规认证的车辆，促进国际贸易。 7. **持续改进**：法规不仅关注产品上市前的安全，还强调了上市后的产品更新和维护，以应对不断演变的网络威胁。 UN R155法规的出台对于全球汽车行业来说是一个重要的里程碑，它推动了车辆网络安全标准的统一，提高了消费者的信心，并有助于防止因网络安全问题导致的重大事故。随着物联网和自动驾驶技术的发展，网络安全已经成为汽车设计和制造不可忽视的重要因素，而UN R155为这一领域的规范提供了坚实的框架。

资源推荐

资源详情

资源评论

Agreement

Concerning the Adoption of Harmonized Technical United Nations

Regulations for Wheeled Vehicles, Equipment and Parts which can be

Fitted and/or be Used on Wheeled Vehicles and the Conditions for

Reciprocal Recognition of Approvals Granted on the Basis of these

United Nations Regulations*

(Revision 3, including the amendments which entered into force on 14 September 2017)

_________

Addendum 154 – UN Regulation No. 155

Date of entry into force as an annex to the 1958 Agreement: 22 January 2021

Uniform provisions concerning the approval of vehicles with regards to

cyber security and cyber security management system

This document is meant purely as documentation tool. The authentic and legal binding text

is: ECE/TRANS/WP.29/2020/79 (as amended by ECE/TRANS/WP.29/2020/94 and

ECE/TRANS/WP.29/2020/97).

_________

UNITED NATIONS

Former titles of the Agreement:

Agreement concerning the Adoption of Uniform Conditions of Approval and Reciprocal Recognition of

Approval for Motor Vehicle Equipment and Parts, done at Geneva on 20 March 1958 (original version);

Agreement concerning the Adoption of Uniform Technical Prescriptions for Wheeled Vehicles,

Equipment and Parts which can be Fitted and/or be Used on Wheeled Vehicles and the Conditions for

Reciprocal Recognition of Approvals Granted on the Basis of these Prescriptions, done at Geneva on

5 October 1995 (Revision 2).

E/ECE/TRANS/505/Rev.3/Add.154

4 March 2021

E/ECE/TRANS/505/Rev.3/Add.154

UN Regulation No. 155

Uniform provisions concerning the approval of vehicles with

regards to cyber security and cyber security management

system

Contents

Page

1. Scope ......................................................................................................................................... 4

2. Definitions ........................................................................................................................................ 4

3. Application for approval .................................................................................................................. 5

4. Markings ......................................................................................................................................... 5

5. Approval ......................................................................................................................................... 6

6. Certificate of Compliance for Cyber Security Management System ............................................... 8

7. Specifications ................................................................................................................................... 9

8. Modification and extension of the vehicle type ............................................................................... 12

9. Conformity of production ................................................................................................................ 12

10. Penalties for non-conformity of production ..................................................................................... 12

11. Production definitively discontinued ................................................................................................ 12

12. Names and addresses of Technical Services responsible for conducting approval test, and

of Type Approval Authorities .......................................................................................................... 13

Annexes

1 Information document ...................................................................................................................... 14

2 Communication ............................................................................................................................. 16

3 Arrangement of approval mark ........................................................................................................ 17

4 Model of Certificate of Compliance for CSMS................................................................................ 18

5 List of threats and corresponding mitigations .................................................................................. 19

E/ECE/TRANS/505/Rev.3/Add.154

1. Scope

1.1. This Regulation applies to vehicles, with regard to cyber security, of the

Categories M and N.

This Regulation also applies to vehicles of Category O if fitted with at least

one electronic control unit.

1.2. This Regulation also applies to vehicles of the Categories L

and L

if equipped

with automated driving functionalities from level 3 onwards, as defined in the

reference document with definitions of Automated Driving under WP.29 and

the General Principles for developing a UN Regulation on automated vehicles

(ECE/TRANS/WP.29/1140).

1.3. This Regulation is without prejudice to other UN Regulations, regional or

national legislations governing the access by authorized parties to the vehicle,

its data, functions and resources, and conditions of such access. It is also

without prejudice to the application of national and regional legislation on

privacy and the protection of natural persons with regard to the processing of

their personal data.

1.4. This Regulation is without prejudice to other UN Regulations, national or

regional legislation governing the development and installation/system

integration of replacement parts and components, physical and digital, with

regards to cybersecurity.

2. Definitions

For the purpose of this Regulation the following definitions shall apply:

2.1. "Vehicle type" means vehicles which do not differ in at least the following

essential respects:

(a) The manufacturer’s designation of the vehicle type;

(b) Essential aspects of the electric/electronic architecture and external

interfaces with respect to cyber security.

2.2. "Cyber security" means the condition in which road vehicles and their

functions are protected from cyber threats to electrical or electronic

components.

2.3. "Cyber Security Management System (CSMS)" means a systematic risk-based

approach defining organisational processes, responsibilities and governance to

treat risk associated with cyber threats to vehicles and protect them from cyber-

attacks.

2.4. "System" means a set of components and/or sub-systems that implements a

function or functions.

2.5. "Development phase" means the period before a vehicle type is type approved.

2.6. "Production phase" refers to the duration of production of a vehicle type.

2.7. "Post-production phase" refers to the period in which a vehicle type is no

longer produced until the end-of-life of all vehicles under the vehicle type.

Vehicles incorporating a specific vehicle type will be operational during this

phase but will no longer be produced. The phase ends when there are no longer

any operational vehicles of a specific vehicle type.

2.8. "Mitigation" means a measure that is reducing risk.

2.9. "Risk" means the potential that a given threat will exploit vulnerabilities of a

vehicle and thereby cause harm to the organization or to an individual.

2.10. "Risk Assessment" means the overall process of finding, recognizing and

describing risks (risk identification), to comprehend the nature of risk and to

E/ECE/TRANS/505/Rev.3/Add.154

determine the level of risk (risk analysis), and of comparing the results of risk

analysis with risk criteria to determine whether the risk and/or its magnitude is

acceptable or tolerable (risk evaluation).

2.11. "Risk Management" means coordinated activities to direct and control an

organization with regard to risk.

2.12. "Threat" means a potential cause of an unwanted incident, which may result in

harm to a system, organization or individual.

2.13. "Vulnerability" means a weakness of an asset or mitigation that can be

exploited by one or more threats.

3. Application for approval

3.1. The application for approval of a vehicle type with regard to cyber security

shall be submitted by the vehicle manufacturer or by their duly accredited

representative.

3.2. It shall be accompanied by the undermentioned documents in triplicate, and by

the following particulars:

3.2.1. A description of the vehicle type with regard to the items specified in Annex 1

to this Regulation.

3.2.2. In cases where information is shown to be covered by intellectual property

rights or to constitute specific know-how of the manufacturer or of their

suppliers, the manufacturer or their suppliers shall make available sufficient

information to enable the checks referred to in this Regulation to be made

properly. Such information shall be treated on a confidential basis.

3.2.3. The Certificate of Compliance for CSMS according to paragraph 6 of this

Regulation.

3.3. Documentation shall be made available in two parts:

(a) The formal documentation package for the approval, containing the

material specified in Annex 1 which shall be supplied to the Approval

Authority or its Technical Service at the time of submission of the type

approval application. This documentation package shall be used by the

Approval Authority or its Technical Service as the basic reference for

the approval process. The Approval Authority or its Technical Service

shall ensure that this documentation package remains available for at

least 10 years counted from the time when production of the vehicle

type is definitively discontinued.

(b) Additional material relevant to the requirements of this regulation may

be retained by the manufacturer, but made open for inspection at the

time of type approval. The manufacturer shall ensure that any material

made open for inspection at the time of type approval remains available

for at least a period of 10 years counted from the time when production

of the vehicle type is definitively discontinued.

4. Marking

4.1. There shall be affixed, conspicuously and in a readily accessible place

specified on the approval form, to every vehicle conforming to a vehicle type

approved under this Regulation an international approval mark consisting of:

4.1.1. A circle surrounding the Letter "E" followed by the distinguishing number of

the country which has granted approval.

4.1.2. The number of this Regulation, followed by the letter "R", a dash and the

approval number to the right of the circle described in paragraph 4.1.1. above.

剩余29页未读，继续阅读

评论收藏

内容反馈

一维叶

粉丝: 31
资源: 8

UN R155 信息安全法规英文原版

最新资源

UN R155 信息安全法规 英文原版

UN R155 信息安全法规 中英文版

UN Regulation No. 155

UN Regulation No.155 - Cyber security and cyber security managem

译文_UN Regulation No. 155(网络安全).pdf

WP29 UN R155+R156(word+pdf英文)+ISO24089+ISO21434(pdf中英文)

UN.R155法规英文原版

UN.R155法规中文对照翻译

UN R151e ~4e 法规原文修正法规

新能源汽车+软件升级UN R156+软件升级法律法规+汽车信息安全软件升级R156

WP29 UN R155+R156(word+pdf英文)+ISO24089+ISO21434(pdf中英文).zip

UN ECE R155e 2021.rar

UN R48 关于安装照明和灯光标志装置的车辆认证的统一规定

ECE R155.pdf

ECE Addendum 154 – UN Regulation No. 155 R155-am1e.rar

UN R152 关于M1和N1型机动车高级紧急制动系统（AEBS）型式认证的统一规定（中英文版）

UN-ST-SG-AC.10-11-Rev7 试验和标准手册，包含UN38.3 -全文583页,英文原版

ECE Addendum 154 – UN Regulation No. 155 R155-am1e.pdf

UN Regulation No.156 - Software update and software update manag

自动驾驶安全方面的信息安全.pdf

ECE_Regulation_R156e.pdf

UN R157 关于自动车道保持系统车辆认证的统一规定(中英文版)

ECE R79针对乘用车法规解读

UN38.3 中英文标准.zip

R157 有关自动车道保持系统的车辆批准的统一规定

UN Regulation No 130（LDWS) P13页

UN R151,R158,R159法规原文及机翻

UN Regulation No. 155-中文版

10 R155e (2).pdf

UN38.3 -2019(Rev 7) - 最新英文电子版（14页）.pdf

最新资源

UN R155 信息安全法规英文原版

UN R155 信息安全法规中英文版