Relationship | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

The WP.29 regulation and the ISO/SAE standard are complementary and both look at securing modern vehicles in a similar way.

The main commonalities between them are first, that both require securing the vehicle throughout its lifecycle, starting from development, going through production, and all the way to its post-production service-time while it’s on the road.

Secondly, both require an effective cybersecurity management system inside the organization. Both require performing very thorough TARA activities, which is Threat Analysis and Risk Assessment throughout the vehicle lifecycle. And both require effective management of the supply chain of the vehicle.

However, there are a few differences between the standard and regulation. The regulation is legally binding within all the countries that participate in the regulation, which are also known as the contracting parties, while the standard will be probably widely accepted in the industry but will not be legally binding.

Additionally, the regulation is very particular in specific areas. For example, it provides a comprehensive list of threats that serve as baseline threats in order to assess if a vehicle and the connected services are secure. While the standard goes very deep by thoroughly describing how to do some activities such as TARA, Threat Assessment and Risk Analysis, cybersecurity management in the organization, and cybersecurity management for the supply chain.

Ultimately, the standard and the regulation are complimentary and are also non-contradicting, which means that if an OEM does a thorough job in adhering to one of them, it will be well on its way to complying with the other.

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Switched on: leveraging cyber resilience to safeguard the future of EVs

More Details

Infographic: The Automotive Cybersecurity Inflection Point 2024 Report

More Details

Watch: Scaling Software-Defined Vehicle Security, without Increasing Costs

In this webinar, Upstream and BlackBerry IVY's experts discuss the role of synthetic sensors in automotive cybersecurity and how to reduce cloud computing and data…

More Details

Secure Connected IoT Devices in the Mobility & Transportation Ecosystem

More Details

Scaling Software-Defined Vehicle Security, without Increasing Costs

Connected and software-defined vehicles generate vast amounts of data – upwards of 25 GB an hour per car. To help make sense of this data…

More Details

Watch: The automotive cybersecurity inflection point in 2024: from experimental to massive-scale attacks

In this webinar, Upstream experts share significant findings from Upstream’s 2024 Global Automotive Cyber Trends Report, providing insights and predictions for 2024.

More Details