ISO/SAE 21434:2021道路车辆 信息安全工程标准简介
发布时间: 2021-09-06 13:25 点击:
ISO/SAE 21434:2021道路车辆 信息安全工程标准简介
(一)标准一般信息
状态:已发布
发布日期:2021-08
版本:第1版
页数:81页
技术委员会:ISO/TC 22/SC 32 Electrical and electronic components and general system aspects(电气和电子元件及一般系统相关)
(二)标准的目的
本文件阐述了道路车辆电气和电子(E/E)系统工程中的信息安全观点。通过确保对信息安全的适当考虑,本文件旨在使电子/电子系统工程跟上最先进的技术和不断发展的攻击方法。
本文档提供了与信息安全工程相关的词汇、目标、要求和准则,作为整个供应链中共同理解的基础。这使组织能够:
定义信息安全政策和流程;
管理信息安全风险;
培养信息安全文化。
本文件可用于实施信息安全管理系统,包括信息安全风险管理。
(三)本文件的组织
图1给出了标准文档结构的概述。图1的元素没有规定各个主题的执行顺序。
标准文件概述
第4条(一般注意事项)仅供参考,包括本文件中道路车辆信息安全工程方法的背景和观点。
第5条(组织信息安全管理)包括组织信息安全政策、规则和流程的信息安全管理和规范。
第6条(项目相关信息安全管理)包括项目层面的信息安全管理和信息安全活动。
第7条(分布式信息安全活动)包括在客户和供应商之间分配信息安全活动责任的要求。
第8条(持续信息安全活动)包括为持续风险评估提供信息的活动,并定义了在信息安全支持结束前电子/电子系统的脆弱性管理(vulnerability management)。
第9条(概念)包括确定项目信息安全风险、信息安全目标和信息安全要求的活动。
第10条(产品开发)包括定义信息安全规范、实施和验证信息安全要求的活动。
第11条(信息安全验证)包括车辆级项目的信息安全验证。
第12条(生产)包括物品或组件制造和组装的信息安全相关方面。
第13条(操作和维护)包括与信息安全事件响应和项目或组件更新相关的活动。
第14条(结束信息安全支持及报废)包括结束项目或组件支持和报废的信息安全考虑因素。
第15条(威胁分析和风险评估方法)包括模块化的分析和评估方法,以确定信息安全风险的程度,从而采取措施。
第5条至第15条有自己的目标、规定(即要求、建议、许可)和工作成果(work products)。工作成果是满足一个或多个相关要求的信息安全活动的结果。
“先决条件”是由前一阶段的工作成果组成的强制性输入,“进一步支持信息”是指可以考虑的信息,可由有别于信息安全活动负责人的来源提供。
条款和工作成果被分配唯一标识符,由两个字母的缩写(“RQ”表示要求,“RC”表示建议,“PM”表示许可,“WP”表示工作成果)组成,后跟两个数字,用连字符分隔。第一个数字表示该条款,第二个数字分别表示该条款的条款或工作成果的连续顺序。例如,[RQ-05-14]指第5条中的第14条规定,这是一项要求。
(四)标准目录
(五)图目录
(六)表目录
(七)部分标准内容(译文仅供参考):
1.范围
本文件规定了有关道路车辆电气和电子(E/E:electrical and electronic)系统(包括其部件和接口)的概念、产品开发、生产、操作、维护和报废的信息安全风险管理(cybersecurity risk management)工程要求。
定义了一个框架,其中包括信息安全流程的要求以及沟通和管理信息安全风险的通用语言。
本文件适用于在本文件出版后开始开发或修改的系列生产道路车辆E/E系统,包括其部件和接口。
本文件未规定与信息安全相关的具体技术或解决方案。
2.规范性引用文件
ISO 26262-3:2018,Road vehicles — Functional safety — Part 3: Concept phase(道路车辆-功能安全-第3部分:概念阶段)
3.术语、定义和缩写术语/Terms, definitions and abbreviated terms
3.1术语和定义
在本文件中,适用以下术语和定义。
ISO和IEC在以下地址维护用于标准化的术语数据库:
ISO在线浏览平台:https://www.iso.org/obp
IEC电子百科全书:https://www.electropedia.org/
3.1.1
architectural design
representation that allows for identification of components (3.1.7), their boundaries, interfaces and interactions
3.1.2
asset
object that has value, or contributes to value
Note 1 to entry: An asset has one or more cybersecurity properties (3.1.20) whose compromise can lead to one or more damage scenarios (3.1.22).
3.1.3
attack feasibility
attribute of an attack path (3.1.4) describing the ease of successfully carrying out the corresponding set of actions
3.1.4
attack path
attack
set of deliberate actions to realize a threat scenario (3.1.33)
3.1.5
attacker
person, group, or organization that carries out an attack path (3.1.4)
3.1.6
audit
examination of a process to determine the extent to which the process objectives are achieved
[SOURCE: ISO 26262-1:2018 [1], 3.5, modified — The phrase “with regard to” was substituted by "to determine the extent to which" and "are achieved" was added.]
3.1.7
component
part that is logically and technically separable
3.1.8
customer
person or organization that receives a service or product
[SOURCE: ISO 9000:2015 [2], 3.2.4, modified — The phrase “could or does receive” was replaced by “receives”, the phrase “that is intended for or required by this person or organization” was omitted, and the example and note 1 to entry were omitted.]
3.1.9
cybersecurity
road vehicle cybersecurity
condition in which assets (3.1.2) are sufficiently protected against threat scenarios (3.1.33) to items (3.1.25) of road vehicles, their functions and their electrical or electronic components (3.1.7)
Note 1 to entry: In this document, for the sake of brevity, the term cybersecurity is used instead of road vehicle cybersecurity.
3.1.10
cybersecurity assessment
judgement of cybersecurity (3.1.9)
3.1.11
cybersecurity case
structured argument supported by evidence to state that risks (3.1.29) are not unreasonable
3.1.12
cybersecurity claim
statement about a risk (3.1.29)
Note 1 to entry: The cybersecurity claim can include a justification for retaining or sharing the risk.
3.1.13
cybersecurity concept
cybersecurity requirements of the item (3.1.25) and requirements on the operational environment (3.1.26), with associated information on cybersecurity controls (3.1.14)
3.1.14
cybersecurity control
measure that is modifying risk (3.1.29)
[SOURCE: ISO 31000:2018 [3], 3.8, modified — The word "cybersecurity" was added to the term, the phrase “maintains and/or” was deleted, the notes to entry were deleted.]
3.1.15
cybersecurity event
cybersecurity information (3.1.18) that is relevant for an item (3.1.25) or component (3.1.7)
3.1.16
cybersecurity goal
concept-level cybersecurity requirement associated with one or more threat scenarios (3.1.33)
3.1.17
cybersecurity incident
situation in the field that can involve vulnerability (3.1.38) exploitation
3.1.18
cybersecurity information
information with regard to cybersecurity (3.1.9) for which relevance is not yet determined
3.1.19
cybersecurity interface agreement
agreement between customer (3.1.8) and supplier concerning distributed cybersecurity activities (3.1.23)
3.1.20
cybersecurity property
attribute that can be worth protecting
Note 1 to entry: Attributes include confidentiality, integrity and/or availability.
3.1.21
cybersecurity specification
cybersecurity requirements and corresponding architectural design (3.1.1)
3.1.22
damage scenario
adverse consequence involving a vehicle or vehicle function and affecting a road user (3.1.31)
3.1.23
distributed cybersecurity activities
cybersecurity activities for the item (3.1.25) or component (3.1.7) whose responsibilities are distributed between customer (3.1.8)and supplier
3.1.24
impact
estimate of magnitude of damage or physical harm from a damage scenario (3.1.22)
3.1.25
item
component or set of components (3.1.7) that implements a function at the vehicle level
Note 1 to entry: A system can be an item if it implements a function at the vehicle level, otherwise it is a component.
[SOURCE: ISO 26262-1:2018 [1], 3.8, modified — The term “system” has been replaced by “component”, the phrases “to which ISO 26262 is applied” and “or part of a function” have been omitted and the Note 1 to entry has been replaced.]
3.1.26
operational environment
context considering interactions in operational use
Note 1 to entry: Operational use of an item (3.1.25) or a component (3.1.7) can include use in a vehicle function, in production, and/or in service and repair.
3.1.27
out-of-context
not developed in the context of a specific item (3.1.25)
EXAMPLE:
Processing unit with assumed cybersecurity requirements to be integrated in different items.
3.1.28
penetration testing
cybersecurity testing in which real-world attacks are mimicked to identify ways to compromise cybersecurity goals (3.1.16)
3.1.29
risk
cybersecurity risk
effect of uncertainty on road vehicle cybersecurity (3.1.9) expressed in terms of attack feasibility (3.1.3) and impact (3.1.24)
3.1.30
risk management
coordinated activities to direct and control an organization with regard to risk (3.1.29)
[SOURCE: ISO 31000:2018 [3], 3.2]
3.1.31
road user
person who uses a road
EXAMPLE:
Passenger, pedestrian, cyclist, motorist, or vehicle owner.
3.1.32
tailor,verb
to omit or perform an activity in a different manner compared to its description in this document
3.1.33
threat scenario
potential cause of compromise of cybersecurity properties (3.1.20) of one or more assets (3.1.2) in order to realize a damage scenario (3.1.22)
3.1.34
triage
analysis to determine the relevance of cybersecurity information (3.1.18) to an item (3.1.25) or component (3.1.7)
3.1.35
trigger
criterion for triage (3.1.34)
3.1.36
validation
confirmation, through the provision of objective evidence, that the cybersecurity goals (3.1.16) of the item (3.1.25) are adequate and are achieved
[SOURCE: ISO/IEC/IEEE 15288:2015 [4], 4.1.53, modified — The phrase “requirements for a specific intended use or application have been fulfilled” has been replaced by “cybersecurity goals of the item are adequate and are achieved”, note 1 to entry has been omitted.]
3.1.37
verification
confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
[SOURCE: ISO/IEC/IEEE 15288:2015 [4], 4.1.54, modified — The note 1 to entry has been omitted.]
3.1.38
vulnerability
weakness (3.1.40) that can be exploited as part of an attack path (3.1.4)
[SOURCE: ISO/IEC 27000:2018 [5], 3.77, modified — The phrase “of an asset or control” has been omitted; the phrase “by one or more threats” has been replaced by “as part of an attack path”.]
3.1.39
vulnerability analysis
systematic identification and evaluation of vulnerabilities (3.1.38)
3.1.40
weakness
defect or characteristic that can lead to undesirable behaviour
EXAMPLE 1:Missing requirement or specification.
EXAMPLE 2:Architectural or design flaw, including incorrect design of a security protocol.
EXAMPLE 3:Implementation weakness, including hardware and software defect, incorrect implementation of a security protocol.
EXAMPLE 4:Flaw in the operational process or procedure, including misuse and inadequate user training.
EXAMPLE 5:Use of an outdated or deprecated function, including cryptographic algorithms.
中鸿认证服务 www.cnqr.org 1998年至今 ISO认证/企业资质服务 直办非中介 全国接单 远程或就近安排审核
新系统集成资质CS/ITSS/CCRC/DCMM认证,ISO三体系,售后服务/诚信认证,软件CMMI评估,互联网ISO27001/ISO27701/ISO20000认证,食品HACCP/ISO22000/BRC/绿色食品/有机食品,汽车16949认证,军工三证,实验室CMA/CNAS/10012,社会责任SA8000/ISO26000,医疗器械13485,知产贯标/能源体系/业务连续性等,产品认证(3C/绿色产品/十环)各类AAA信用评级等等,详见QQ空间。
1.诚聘专兼职审核员(全国),专职咨询老师(成都),专职市场专员 年薪10-35万
2.全国诚招ISO认证代理人(个人级/企业级),转发信息即佣金,免费培训。
3.本年度ISO内审员免费培训开始了,每月免费名额有限,从速预计。