Relationship | ISO/SAE 21434 and WP.29 CSMS


The WP.29 regulation and the ISO/SAE standard are complementary and both look at securing modern vehicles in a similar way.

The main commonalities between them are first, that both require securing the vehicle throughout its lifecycle, starting from development, going through production, and all the way to its post-production service-time while it’s on the road.

Secondly, both require an effective cybersecurity management system inside the organization. Both require performing very thorough TARA activities, which is Threat Analysis and Risk Assessment throughout the vehicle lifecycle. And both require effective management of the supply chain of the vehicle.

However, there are a few differences between the standard and regulation. The regulation is legally binding within all the countries that participate in the regulation, which are also known as the contracting parties, while the standard will be probably widely accepted in the industry but will not be legally binding.

Additionally, the regulation is very particular in specific areas. For example, it provides a comprehensive list of threats that serve as baseline threats in order to assess if a vehicle and the connected services are secure. While the standard goes very deep by thoroughly describing how to do some activities such as TARA, Threat Assessment and Risk Analysis, cybersecurity management in the organization, and cybersecurity management for the supply chain.

Ultimately, the standard and the regulation are complimentary and are also non-contradicting, which means that if an OEM does a thorough job in adhering to one of them, it will be well on its way to complying with the other.

Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

The high-impact automotive cyber security trends and incidents of H1-2022

This webinar will discuss three emerging cyber threats and their potential impact on end users, OEMs, and the entire smart mobility ecosystem.

More Details

H1’2022 Automotive Cyber Trend Report

This report offers extensive coverage and analysis of automotive-specific cyber incidents across all attack vectors and their impact on the wide ecosystem.

More Details

EV 充電所 拡大に向けて: EV充電所インフラ安全確保への課題

Delivering driver confidence with robust charging networks has created new opportunities for hackers to penetrate OEM and Tier-1 networks by tampering with charging station data.

More Details

The Leading Managed Vehicle SOC: Actively Protecting Millions of Vehicles for OEMs Worldwide

Protect automotive cybersecurity with an automotive-specific Vehicle Security Operations Center (VSOCs) to address the complexity of cyberattacks targeting OT networks, such as connected vehicles and&

More Details

Beyond Cyber: Upstream Puts Data in Motion

Automotive data in the cloud breaks silos, allowing teams to analyze information in the pursuit of identifying exciting new revenue opportunities.

More Details

2022 グローバルモビリティ サイバーセキュリティ報告書

2022 グローバルモビリティ サイバーセキュリティ報告書2022年版のサイバーセキュリティ報告書では過去10年に実際に 起こったサイバー攻撃の脅威を

More Details