ISO/TC 22/SC 32/WG 11 - Cybersecurity

In addition to the guidelines in ISO 19011, this document provides guidelines to organizations that contribute to the achievement of road vehicle cybersecurity throughout the supply chain on: — managing an audit programme for a cybersecurity management system (CSMS); — conducting organizational CSMS audits; — competencies of CSMS auditors; and — providing evidence during CSMS audits. Elements of the CSMS are based on the processes described in ISO/SAE 21434. This document is applicable to those needing to understand or conduct internal or external audits of a CSMS or to manage a CSMS audit programme. This document does not provide guidelines on cybersecurity assessments.

This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces. A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. This document is applicable to series production road vehicle E/E systems, including their components and interfaces, whose development or modification began after the publication of this document. This document does not prescribe specific technology or solutions related to cybersecurity.