Customer Support: 131 242

  • Shopping Cart
    There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

SAE J3061_201601

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by

Cybersecurity Guidebook for Cyber-Physical Vehicle Systems

Available format(s)

Hardcopy , PDF

Superseded date

20-01-2022

Superseded by

SAE J3061_202112

Language(s)

English

Published date

14-01-2016

$341.70
Including GST where applicable

1. SCOPE
2. REFERENCES
3. DEFINITIONS AND ACRONYMS
4. RELATIONSHIP BETWEEN SYSTEM SAFETY AND SYSTEM
   CYBERSECURITY
5. GUIDING PRINCIPLES ON CYBERSECURITY FOR CYBER-PHYSICAL
   VEHICLE SYSTEMS (CPS)
6. CYBERSECURITY PROCESS OVERVIEW
7. OVERALL MANAGEMENT OF CYBERSECURITY
8. PROCESS IMPLEMENTATION
9. NOTES
APPENDIX A - Description of Cybersecurity Analysis Techniques
APPENDIX B - Example Templates for Work Products
APPENDIX C - Examples Using Identified Analyses
APPENDIX D - Security & Privacy Controls Description
             and Application
APPENDIX E - Vulnerability Databases and Vulnerability
             Classification Schemes
APPENDIX F - Vehicle Level Considerations
APPENDIX G - Current Cybersecurity Standards and Guidelines
             that may be useful to the Vehicle Industry
APPENDIX H - Vehicle Project Awareness
APPENDIX I - Security Test Tools of Potential use to the
             Vehicle Industry

This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers.

DocumentType
Standard
Pages
128
PublisherName
SAE International
Status
Superseded
SupersededBy

This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry as well as to other cyber-physical vehicle systems (e.g., commercial and military vehicles, trucks, busses). Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer’s development processes, and may not be comprehensively represented in this document, however, information contained in this document may help refine existing in-house processes, methods, etc.This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes:Defining a complete lifecycle process framework that can be tailored and utilized within each organization’s development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.Providing basic guiding principles on Cybersecurity for vehicle systems.Providing the foundation for further standards development activities in vehicle Cybersecurity.The appendices provide additional information to be aware of and may be used in helping improve Cybersecurity of feature designs. Much of the information identified in the appendices is available but some experts may not be aware of all of the available information. Therefore, the appendices provide an overview of some of this information to provide further guidance on building Cybersecurity into cyber-physical vehicle systems. The objective of the overviews is to encourage research to help improve designs and identify methods and tools for applying a company’s internal Cybersecurity process.Appendices A-C - Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.Appendices D-I - Provide awareness of information that is available to the Vehicle Industry.Appendix D - Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.Appendix E - Provides references to some available vulnerability databases and vulnerability classification schemes.Appendix F - Describes vehicle-level considerations, including some good design practices for electrical architecture.Appendix G -Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.Appendix H - Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.Appendix I - Describes some existing security test tools of potential interest to the vehicle industry.Refer to the definitions section to understand the terminology used throughout the document.

16/30320028 DC : 0 BS ISO 26262-2 - ROAD VEHICLES - FUNCTIONAL SAFETY - PART 2: MANAGEMENT OF FUNCTIONAL SAFETY
SAE J3138_201806 Diagnostic Link Connector Security

ISO/IEC/IEEE 29119-2:2013 Software and systems engineering — Software testing — Part 2: Test processes
ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC/IEEE 29119-4:2015 Software and systems engineering Software testing Part 4: Test techniques
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC/IEEE 29119-1:2013 Software and systems engineering Software testing Part 1: Concepts and definitions
ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
ISO/TS 16949:2009 Quality management systems Particular requirements for the application of ISO 9001:2008 for automotive production and relevant service part organizations
ISO/IEC/IEEE 29119-3:2013 Software and systems engineering Software testing Part 3: Test documentation
ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
ISO/IEC 12207:2008 Systems and software engineering — Software life cycle processes
ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
AIAG QS 9000 : 3ED 98 QUALITY SYSTEM REQUIREMENTS
ISO 26262-8:2011 Road vehicles Functional safety Part 8: Supporting processes
ISO 26262-3:2011 Road vehicles Functional safety Part 3: Concept phase

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.