Module Security Plan

Note

Document header

[Your Module Name] Security Plan		status: draft security: YES safety: ASIL_B
tags: template realizes: wp__module_security_plan
doc__module_name_security_plan		Generic Document

Attention

The above directive must be updated according to your Module.

• Modify Your Module Name to be your Module Name

• Modify id to be your Module Name in upper snake case preceded by doc_ and succeeded by security_plan

• Adjust status to be valid

• Adjust safety and tags according to your needs

1. Security Management Context

This Security Plan adds to the Concept Description all the module development relevant work products needed for ISO SAE 21434 conformity.

2. Security Management Scope

This Security Plan’s scope is a SW module of the SW platform <link to module documentation in platform/modules/<modulename>/index.rst>.

The module consists of one or more SW components and will be qualified as a EooC.

3. Security Management Roles

Security Manager	<link to Module’s Security Manager assignment or name>
Project Manager	<link to Module’s Project Lead assignment or name>

4. Tailoring

Additional to the tailoring in the SW platform project as defined in the Concept Description we define here the additional tailoring on module level.

- Excluded for this module are additionally the following work products (and their related requirements):

- <ISO SAE 21434 reference>: <work product/requirement> - <Argumentation why it is not needed or replaced by another work product or activity.>

5. Security Module Work Products

One set of work products for the module and one set for each component of the module:

Table 65 Module Work Products

Work Product Id	Link to process	Process status	Link to issue	Link to WP	WP status
Module Security Plan (wp__module_security_plan)	Security Management Guideline	<automated>	<Link to issue>	this document	see above
Module Security Package (wp__module_security_package)	Security Management Guideline	<automated>	<Link to issue>	<Link to WP>	<automated>
Formal Document Review Reports (wp__fdr_reports) (module Security Plan)	Module Security Plan Formal... (gd_chklst__module_security_plan)	<automated>	<Link to issue>	<Link to WP>	<automated>
Formal Document Review Reports (wp__fdr_reports) (module Security Package)	Security Package Formal Review Checklist (gd_chklst__module_security_package)	<automated>	<Link to issue>	<Link to WP>	<automated>
Formal Document Review Reports (wp__fdr_reports) (module’s Security Analyses)	Security Analysis FDR tbd	<automated>	<Link to issue>	<Link to WP>	<automated>
Process Security Audit Report (wp__audit_report_security)	performed by external experts	n/a	<Link to issue>	<Link to WP>	<WP status (manual)>
Module Release Notes (wp__module_sw_release_note)	Software Development Plan Template (gd_temp__software_development_plan)	<automated>	<Link to issue>	<Link to WP>	<automated>
Module Security Manual (wp__module_security_manual)	Module Security Manual Temp... (gd_temp__module_security_manual)	<automated>	<Link to issue>	<Link to WP>	<automated>
Module Verification Report (wp__verification_module_ver_report)	Verification	<automated>	<Link to issue>	<Link to WP>	<automated>
Module Release Notes (wp__module_sw_release_note)	Release Management	<automated>	<Link to issue>	<Link to WP>	<automated>
Module Software Bill of Mat... (wp__sw_module_sbom)	Security Management	not started	<Link to issue>	<Link to WP>	<automated>

Table 66 Component <name> Work Products

Work Product Id	Link to process	Process status	Link to issue	Link to WP	WP status
Component Requirements (wp__requirements_comp)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Component Assumptions of Use (wp__requirements_comp_aou)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Requirements Inspection (wp__requirements_inspect)	<Link to process>	<automated>	n/a	Checklist used in Pull Request Review	n/a
Component Architecture (wp__component_arch)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Component Security Analysis (wp__sw_component_security_analysis)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Architecture Verification (wp__sw_arch_verification)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Implementation (wp__sw_implementation)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Unit test (wp__verification_sw_unit_test)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Implementation Inspection (wp__sw_implementation_inspection)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>
Component Integration test (wp__verification_comp_int_test)	<Link to process>	<automated>	<Link to issue>	<Link to WP>	<automated>