STANDARDS AND REGULATIONS

Official Source Library

While automotive cybersecurity is a new and evolving field, governments, standards bodies, and regulators have worked over the past few years to develop effective homologous requirements for the automotive industry. Below is a library with links to some of those official automotive cybersecurity standards and regulations that have been developed.

Society of Automotive Engineers

ISO/SAE 21434. Road Vehicles – Cybersecurity Engineering.

 

Type: Standard

 

Draft/not published. Final publication is expected by the end of 2020 or early 2021.

Society of Automotive Engineers

SAE J3061. Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.

 

Type: Standard

Society of Automotive Engineers

SAE J3101. Hardware Protected Security for Ground Vehicles

 

Type: Standard

 

International Organization for Standardization

ISO 26262. Road vehicles — Functional safety.

 

Type: Standard

 

 

International Organization for Standardization

ISO/SAE 21434. Road vehicles — Cybersecurity engineering.

 

Type: Standard.

 

Draft/not published. Final publication is expected by the end of 2020 or early 2021.

International Organization for Standardization

ISO/AWI 24089. Road vehicles — Software update engineering.

 

Type: Standard

National Highway Traffic Safety Administration

Cybersecurity Best Practices for Modern Vehicles

 

Type: Best practice/framework

National Highway Traffic Safety Administration

Automated Driving
Systems

 

Type: Best practice/framework

United Nations Economic Commission for Europe

WP.29 (World Forum for Harmonization of Vehicle Regulations).

 

UN Regulation on uniform provisions concerning the approval of vehicles with regard to cyber security and of their cybersecurity management systems

 

Type: Regulation/law

 

Draft/not published. Final publication is expected by the summer of 2020.

 

Verband der Automobilindustrie

Information Security Assessment

 

Type: Best practice/framework

VDA

Information-technology Promotion Agency (Japan)

Approaches for Vehicle
Information Security

 

Type: Best practice/framework

Automotive Information Sharing and Analysis Centers

Automotive ISAC Best Practices

 

Type: Best practice/framework

Ministry of Industry and Information Technology (China)

National Guidelines for Developing the Standards System of the Telematics Industry

 

Type: Best practice/framework

Auto Alliance

Consumer Privacy Protection Principles (CPPP) for Vehicle Technologies and Services

 

Type: Best practice/framework

HM Government

The key principles of vehicle cyber security for connected and automated vehicles

 

Type: Best practice/framework

Automotive Open System Architecture

Secure Onboard Communications

 

Type: Standard

BSI (British Standards Institution)

BSI PAS 1885:2018. The Fundamental Principles Of Automotive Cyber Security. Specification (British Standard).

 

Type: Standard

Automotive SIG

Quality Management in the Automotive Industry. Automotive SPICE Process Assessment / Reference Model.

 

Authors: VDA QMC Working Group 13 / Automotive SIG

 

Type: Best practice/framework

European Automobile Manufacturers Association

Principles of Automobile Cybersecurity

European Union Agency for Cybersecurity

ENISA good practices for security of Smart Cars