ISO-21434.pdf_21434资源-CSDN文库

5星 · 超过95%的资源需积分: 31 5.8k 浏览量 2019-10-30 11:49:06 上传评论 8 收藏 2.11MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源推荐

资源详情

资源评论

ISOSAE21434:2018(X)1

ISO TC 22/SC 32/WG 11 2

SAE 3

Secretariat: ISO SAE 4

Roadvehicles–Cybersecurityengineering5

CD stage 7

WarningforWDsandCDs10

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to 11

change without notice and may not be referred to as an International Standard. 12

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of 13

which they are aware and to provide supporting documentation. 14

Tohelpyou,thisguideonwritingstandardswasproducedbytheISO/TMBandisavailableat15

https://www.iso.org/iso/how‐to‐write‐standards.pdf16

AmodelmanuscriptofadraftInternationalStandard(knownas“TheRiceModel”)isavailableat17

https://www.iso.org/iso/model_document‐rice_model.pdf18

ISOSAE21434:2018(X)

Contents33

Foreword.......................................................................................................................................................................vii34

Introduction.................................................................................................................................................................viii35

1 Scope.......................................................................................................................................................................... 136

2 Normativereferences..........................................................................................................................................137

3 Termsandabbreviations....................................................................................................................................138

 Termsanddefinitions..........................................................................................................................................1

3.1

 Abbreviatedterms................................................................................................................................................6

3.2

4 Generalconsiderations(informative)...........................................................................................................641

 Thevehicleecosystem.........................................................................................................................................6

4.1

 Organizationaloverviewof cybersecuritymanagement........................................................................8

4.2

 Lifecycle.....................................................................................................................................................................8

4.3

 Stagesofthepost‐productionphase...............................................................................................................9

4.4

5 ManagementofCybersecurity.......................................................................................................................1046

 OverallCybersecurityManagement............................................................................................................10

5.1

5.1.1 Objectives........................................................................................................................................................1048

5.1.2 General.............................................................................................................................................................1149

5.1.3 Inputs................................................................................................................................................................1150

5.1.4 Requirementsandrecommendations..................................................................................................1151

5.1.5 Workproducts...............................................................................................................................................1652

 Cybersecuritymanagement duringtheconceptphaseandproductdevelopment....................16

5.2

5.2.1 Objectives........................................................................................................................................................1654

5.2.2 General.............................................................................................................................................................1655

5.2.3 Inputs................................................................................................................................................................1756

5.2.4 Requirementsandrecommendations..................................................................................................1757

5.2.5 Workproducts...............................................................................................................................................2458

 Cybersecuritymanagement duringproduction,operationsandmaintenance...........................24

5.3

5.3.1 Objectives........................................................................................................................................................2460

5.3.2 General.............................................................................................................................................................2461

5.3.3 Inputs................................................................................................................................................................2462

5.3.4 Requirementsandrecommendations..................................................................................................2563

 InformationCollectionandRetention........................................................................................................26

5.4

5.4.1 Objective..........................................................................................................................................................2665

5.4.2 General.............................................................................................................................................................2666

5.4.3 Inputs................................................................................................................................................................2667

5.4.4 Requirementsandrecommendations..................................................................................................2668

6 Riskassessmentmethods................................................................................................................................2769

 Riskassessmentmethodsintroduction (informative).........................................................................27

6.1

 Assetidentification............................................................................................................................................29

6.2

6.2.1 Objectives........................................................................................................................................................2972

6.2.2 General.............................................................................................................................................................2973

6.2.3 Inputs................................................................................................................................................................3074

6.2.4 RequirementsandRecommendations.................................................................................................3175

6.2.5 WorkProducts...............................................................................................................................................3176

 ThreatAnalysis....................................................................................................................................................32

6.3

6.3.1 Objectives........................................................................................................................................................3278

6.3.2 General.............................................................................................................................................................3279

6.3.3 Inputs................................................................................................................................................................3280

6.3.4 Requirementsandrecommendations..................................................................................................3381

6.3.5 Workproducts...............................................................................................................................................3382

ISOSAE21434:2018(X)

 ImpactAssessment.............................................................................................................................................33

6.4

6.4.1 Objectives........................................................................................................................................................3384

6.4.2 General.............................................................................................................................................................3385

6.4.3 Inputs................................................................................................................................................................3486

6.4.4 RequirementsandRecommendations.................................................................................................3487

6.4.5 Workproducts...............................................................................................................................................3688

 Vulnerabilityanalysis.......................................................................................................................................36

6.5

6.5.1 Objectives........................................................................................................................................................3690

6.5.2 General.............................................................................................................................................................3691

6.5.3 Inputs................................................................................................................................................................3892

6.5.4 RequirementsandRecommendations.................................................................................................3993

6.5.5 Workproducts...............................................................................................................................................4094

 Attackanalysis.....................................................................................................................................................40

6.6

6.6.1 Objectives........................................................................................................................................................4096

6.6.2 General.............................................................................................................................................................4097

6.6.3 Inputs................................................................................................................................................................4098

6.6.4 Requirementsandrecommendations..................................................................................................4199

6.6.5 Workproducts...............................................................................................................................................42100

 AttackFeasibilityAssessment........................................................................................................................42

6.7

101

6.7.1 Objectives........................................................................................................................................................42102

6.7.2 General.............................................................................................................................................................42103

6.7.3 Inputs................................................................................................................................................................42104

6.7.4 Requirementsandrecommendations..................................................................................................42105

6.7.5 Workproducts...............................................................................................................................................44106

 Riskassessment..................................................................................................................................................44

6.8

107

6.8.1 Objectives........................................................................................................................................................44108

6.8.2 General.............................................................................................................................................................44109

6.8.3 Inputs................................................................................................................................................................45110

6.8.4 RequirementsandRecommendations.................................................................................................45111

6.8.5 Workproducts...............................................................................................................................................45112

 RiskTreatment....................................................................................................................................................45

6.9

113

6.9.1 Objectives........................................................................................................................................................45114

6.9.2 General.............................................................................................................................................................45115

6.9.3 Inputs................................................................................................................................................................46116

6.9.4 RequirementsandRecommendations.................................................................................................47117

6.9.5 Workproducts...............................................................................................................................................47118

7 ConceptPhase......................................................................................................................................................47119

 CybersecurityRelevance..................................................................................................................................47

7.1

120

7.1.1 Objectives........................................................................................................................................................47121

7.1.2 General.............................................................................................................................................................48122

7.1.3 Inputs................................................................................................................................................................48123

7.1.4 RequirementsandRecommendations.................................................................................................48124

7.1.5 Workproducts...............................................................................................................................................48125

 ItemDefinition.....................................................................................................................................................48

7.2

126

7.2.1 Objectives........................................................................................................................................................48127

7.2.2 General.............................................................................................................................................................48128

7.2.3 Inputs................................................................................................................................................................49129

7.2.4 RequirementsandRecommendations.................................................................................................49130

7.2.5 Workproducts...............................................................................................................................................50131

 Initiationofproductdevelopmentattheconceptphase.....................................................................50

7.3

132

7.3.1 Objectives........................................................................................................................................................50133

7.3.2 General.............................................................................................................................................................50134

7.3.3 Inputs................................................................................................................................................................50135

7.3.4 Requirementsandrecommendations..................................................................................................50136

ISOSAE21434:2018(X)

7.3.5 WorkProducts...............................................................................................................................................51137

 Cybersecuritygoa ls............................................................................................................................................51

7.4

138

7.4.1 Objectives........................................................................................................................................................51139

7.4.2 General.............................................................................................................................................................51140

7.4.3 Inputs................................................................................................................................................................51141

7.4.4 Requirementsandrecommendations..................................................................................................51142

7.4.5 WorkProducts...............................................................................................................................................53143

 Cybersecurityconcept......................................................................................................................................53

7.5

144

7.5.1 Objectives........................................................................................................................................................53145

7.5.2 General.............................................................................................................................................................53146

7.5.3 Inputs................................................................................................................................................................53147

7.5.4 Requirementsandrecommendations..................................................................................................54148

7.5.5 WorkProducts...............................................................................................................................................55149

8 Productdevelopment........................................................................................................................................55150

 Systemdevelopmentphase.............................................................................................................................55

8.1

151

8.1.1 Objectives........................................................................................................................................................55152

8.1.2 General.............................................................................................................................................................55153

8.1.3 Inputs................................................................................................................................................................56154

8.1.4 Requirementsandrecommendations..................................................................................................57155

8.1.5 Workproducts...............................................................................................................................................63156

 Hardwaredevelopmentphase.......................................................................................................................63

8.2

157

8.2.1 Objectives........................................................................................................................................................63158

8.2.2 General.............................................................................................................................................................64159

8.2.3 Inputs................................................................................................................................................................64160

8.2.4 Requirementsandrecommendations..................................................................................................65161

8.2.5 Workproducts...............................................................................................................................................68162

 Softwaredevelopmentphase.........................................................................................................................68

8.3

163

8.3.1 Objectives........................................................................................................................................................68164

8.3.2 General.............................................................................................................................................................69165

8.3.3 Inputs................................................................................................................................................................69166

8.3.4 Requirementsandrecommendations..................................................................................................70167

8.3.5 Workproducts...............................................................................................................................................82168

 Verificationandvalidation.............................................................................................................................83

8.4

169

8.4.1 Objective..........................................................................................................................................................83170

8.4.2 General.............................................................................................................................................................83171

8.4.3 Inputs................................................................................................................................................................84172

8.4.4 Requirementsandrecommendations..................................................................................................84173

8.4.5 Workproducts...............................................................................................................................................87174

 Releaseforpost‐development.......................................................................................................................87

8.5

175

8.5.1 Objective..........................................................................................................................................................87176

8.5.2 General.............................................................................................................................................................87177

8.5.3 Inputs................................................................................................................................................................88178

8.5.4 Requirementsandrecommendations..................................................................................................88179

8.5.5 Workproducts...............................................................................................................................................89180

9 Production,operationsandmaintenance.................................................................................................89181

 Production............................................................................................................................................................. 89

9.1

182

9.1.1 Objectives........................................................................................................................................................89183

9.1.2 General.............................................................................................................................................................89184

9.1.3 Inputs................................................................................................................................................................89185

9.1.4 Requirementsandrecommendations..................................................................................................89186

9.1.5 Workproducts...............................................................................................................................................91187

 CybersecurityMonitoring................................................................................................................................91

9.2

188

9.2.1 Objectives........................................................................................................................................................91189

9.2.2 General.............................................................................................................................................................91190

剩余150页未读，继续阅读

评论收藏

内容反馈