This document specifies requirements for cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces.
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk.
This document is applicable to series production road vehicle E/E systems, including their components and interfaces whose development or modification began after the publication of the document.
This document does not prescribe specific technology or solutions related to cybersecurity.
Rationale: This document addresses the cybersecurity perspective in engineering of electrical and electronic (E/E) systems within road vehicles. By ensuring appropriate consideration of cybersecurity, this document aims to enable the engineering of E/E systems to keep up with changing technology and attack methods.
This document provides vocabulary, objectives, requirements and guidelines as a foundation for common understanding throughout the supply chain. This enables organizations to:
- define cybersecurity policies and processes;
- manage cybersecurity risk; and
- foster a cybersecurity culture.