ISO/SAE 21434 specifies engineering requirements for cybersecurity risk management regarding the concept, product development, production, operation, maintenance, and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces.
A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing concerns relating to cybersecurity.
ISO/SAE 21434 is applicable to series production road vehicle E/E systems, including their components and interfaces, whose development or modification began after the publication of ISO/SAE 21434.
Note: ISO/SAE 21434 does not prescribe specific technology or solutions related to cybersecurity.
ISO/SAE 21434 on cybersecurity engineering is useful for:
ISO/SAE 21434 on cybersecurity engineering is being cited in UNECE WP29 vehicle type approval regulations, making it a requirement for the industry to comply with the standard as part of vehicle type approval. Coupling standardization with regulation will build the cybersecurity resilience that is needed in the automotive product domain.
ISO/SAE 21434 addresses the cybersecurity perspective in engineering of electrical and electronic (E/E) systems within road vehicles. By ensuring appropriate consideration of cybersecurity, this document aims to enable the engineering of E/E systems to keep up with state-of-the-art technology and evolving attack methods.
ISO/SAE 21434 provides vocabulary, objectives, requirements and guidelines related to cybersecurity engineering as a foundation for common understanding throughout the supply chain. This enables organizations to:
ISO/SAE 21434 can be used to implement a cybersecurity management system including cybersecurity risk management.
BS ISO/SAE 21434:2021 is the first edition of ISO/SAE 21434, which cancels and supersedes SAE J3061:2016 [37].
The main changes are as follows: