Relationship | ISO/SAE 21434 and WP.29 CSMS


The WP.29 regulation and the ISO/SAE standard are complementary and both look at securing modern vehicles in a similar way.

The main commonalities between them are first, that both require securing the vehicle throughout its lifecycle, starting from development, going through production, and all the way to its post-production service-time while it’s on the road.

Secondly, both require an effective cybersecurity management system inside the organization. Both require performing very thorough TARA activities, which is Threat Analysis and Risk Assessment throughout the vehicle lifecycle. And both require effective management of the supply chain of the vehicle.

However, there are a few differences between the standard and regulation. The regulation is legally binding within all the countries that participate in the regulation, which are also known as the contracting parties, while the standard will be probably widely accepted in the industry but will not be legally binding.

Additionally, the regulation is very particular in specific areas. For example, it provides a comprehensive list of threats that serve as baseline threats in order to assess if a vehicle and the connected services are secure. While the standard goes very deep by thoroughly describing how to do some activities such as TARA, Threat Assessment and Risk Analysis, cybersecurity management in the organization, and cybersecurity management for the supply chain.

Ultimately, the standard and the regulation are complimentary and are also non-contradicting, which means that if an OEM does a thorough job in adhering to one of them, it will be well on its way to complying with the other.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

By clicking Subscribe, I agree to the use of my personal data in accordance with Privacy Policy. Upstream will not sell, trade, lease, or rent your personal data to third parties.

Protecting Electric Vehicles: Modern Cybersecurity Solutions and the Road to Revenue

There is much to enjoy in the performance of electric vehicles and advanced features of electric vehicles, yet each connected capability such as GPS, mobile…

More Details

Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats

Read about how a multi-layered cloud-based approach can protect today’s commercial vehicles while streamlining data processes.

More Details

Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre

OEMs are relying on their connected vehicles to drive them from “Car Co’s” to “Tech Co’s”.

More Details

Upstream Detects a Critical Vulnerability in Linux-Based Head Units

Read about how Upstream’s AutoThreat® Intelligence team works to hunt threats that are hiding in the surface, deep, and dark web- allowing you to meet…

More Details

What is Upstream’s AutoThreat® Intelligence?

Upstream’s AutoThreat® Intelligence is the automotive industry’s leading cyber threat intelligence and risk assessment solution. It is purpose-built to collect, analyze, and leverage automotive t

More Details

How AutoThreat® Supports Automotive Cybersecurity

AutoThreat’s® automotive-focused analysts scour the surface, deep, and dark web for incidents that matter most to the automotive ecosystem. Together, our researchers combine both manual…

More Details