INTERNATIONAL STANDARD ISO/SAE 21434 First edition 2021-08 Road vehicles — Cybersecurity engineering Véhicules routiers — Ingénierie de la cybersécurité Reference number ISO/SAE 21434:2021(E) © ISO/SAE International 2021 ISO/SAE 21434:2021(E) COPYRIGHT PROTECTED DOCUMENT © ISO/SAE International 2021 ii © ISO/SAE International 2021 – All rights reserved ISO/SAE 21434:2021(E) Foreword bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of are used to advance mobility engineering throughout the world. The SAE Technical Standards The procedures used to develop this document and those intended for its further maintenance are the different approval criteria needed for the different types of ISO documents should be noted. This www .iso. org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and SAE International shall not be held responsible for identifying any or all such the Introduction and/or on the ISO list of patent declarations received (see www. iso. org/patents). responsibility of the user.” Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. www. iso. org/ iso/foreword. html. Electrical and electronic components and general system aspects Cybersecurity Systems Engineering Committee. Road vehicles [ Vehicle ]. The main changes are as follows: — complete rework of contents and structure. complete listing of these bodies can be found at www. iso. org/members. html https://www. sae. org/standards/content/ISO/SAE 21434/. © ISO/SAE International 2021 – All rights reserved iii ISO/SAE 21434:2021(E) Introduction Purpose of this document This document addresses the cybersecurity perspective in engineering of electrical and electronic document aims to enable the engineering of E/E systems to keep up with state-of-the-art technology and evolving attack methods. engineering as a foundation for common understanding throughout the supply chain. This enables — foster a cybersecurity culture. This document can be used to implement a cybersecurity management system including cybersecurity risk management. Organization of this document An overview of the document structure is given in Figure 1. The elements of Figure 1 do not prescribe iv © ISO/SAE International 2021 – All rights reserved ISO/SAE 21434:2021(E) Figure 1 — Overview of this document Clause 4 approach to road vehicle cybersecurity engineering taken in this document. cybersecurity activities at the project level. cybersecurity activities between customer and supplier. Clause 8 (Continual cybersecurity activities) includes activities that provide information for ongoing support. Clause 10 Clause 11 (Cybersecurity validation) includes the cybersecurity validation of an item at the vehicle level. © ISO/SAE International 2021 – All rights reserved v ISO/SAE 21434:2021(E) Clause 12 an item or component. Clause 13 (Operations and maintenance) includes activities related to cybersecurity incident response and updates to an item or component. Clause 14 (End of cybersecurity support and decommissioning) includes cybersecurity considerations for end of support and decommissioning of an item or component. (Threat analysis and risk assessment methods) includes modular methods for analysis and through that are different from the persons responsible for the cybersecurity activities. A summary of cybersecurity activities and work products can be found in vi . © ISO/SAE International 2021 – All rights reserved INTERNATIONAL STANDARD ISO/SAE 21434:2021(E) Road vehicles — Cybersecurity engineering 1 Scope for communicating and managing cybersecurity risk. 2 Normative references Road vehicles — Functional safety — Part 3: Concept phase ISO Online browsing platform: available at https://www.iso.org/obp IEC Electropedia: available at https://www.electropedia.org/ 3.1.1 architectural design interactions components ( 3.1.2 asset Note 1 to entry: An asset has one or more cybersecurity properties (3.1.20) whose compromise can lead to one or more damage sce