© ISO SAE 21434 – All rights reserved ISO SAE 21434:2018(X) 1 ISO TC 22/SC 32/WG 11 2 SAE 3 Secretariat: ISO SAE 4 Road vehicles – Cybersecurity engineering 5 6 CD stage 7 8 9 Warning for WDs and CDs 10 Th i s d ocu me n t i s n ot an I S O I n te rn a ti on al S tan dar d. I t i s di str ibuted for review and comment. It is subject to 11 change without notice and may not be referred to as an International Standard. 12 Recipients of this draft are invited to submit, with their comm ents, notification of any relevant patent rights of 13 which they are aware and to provide supporting documentation. 14 To help you, this guide on writing standards was produced by the ISO/TMB and is available at 15 https://www.iso.org/iso/how‐to‐write‐standards.pdf 16 A model manuscript of a draft International Standard (known as “The Rice Model”) is available at 17 https://www.iso.org/iso/model_document‐rice_model.pdf 18 19 ISO SAE 21434:2018(X) ii © ISO SAE 21434 – All rights reserved © ISO SAE 2018 20 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this 21 publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, 22 including photocopying, or posting on the internet or an intran et, without prior written permission. Permission 23 can be requested from either ISO at the address below or ISO’s member body in the country of the requester. 24 ISO copyright office 25 CP 401 • Ch. de Blandonnet 8 26 CH-1214 Vernier, Geneva 27 Phone: +41 22 749 01 11 28 Fax: +41 22 749 09 47 29 Email: [email protected] 30 Website: www.iso.org 31 Published in Switzerland 32 ISO SAE 21434:2018(X) © ISO SAE 21434 – All rights reserved iii Contents 33 Foreword ............................................................................................................................... ........................................ vii  34 Introduction................................................................................................................... .............................................. viii  35 1 Scope ............................................................................................................................... ........................................... 1  36 2 Normative references ............................................................................................................................... ........... 1  37 3 Terms and abbreviations ............................................................................................................................... ..... 1  38  Terms and definitions ............................................................................................................................... ........... 1  3.1 39  Abbreviated terms ............................................................................................................................... ................. 6  3.2 40 4 General considerations (informative) ........................................................................................................... 6  41  The vehicle ecosystem ............................................................................................................................... .......... 6  4.1 42  Organizational overview of cybersecurity management ........................................................................ 8  4.2 43  Lifecycle ............................................................................................................................... ...................................... 8  4.3 44  Stages of the post‐production phase ............................................................................................................... 9  4.4 45 5 Management of Cybersecurity ....................................................................................................................... 10  46  Over