ISO/SAE 21434#
The standard ISO/SAE 21434 has several clauses. All work products and requirements are defined as references below, if those are relevant for the S-CORE project.
Irrelevant clauses for S-CORE process requirements and work products compliance are:
“Clause 1-4:” - as it contains no requirements and work products
“Clause 7: Distributed cybersecurity activities” - as the project is organized as open source project
“Clause 9: Concept” - as this is in responsibility of system integrator
“Clause 11: Cybersecurity validation” - as this is in responsibility of system integrator
“Clause 12: Production” - as this is in responsibility of system integrator
“Clause 14: End of cybersecurity support and decommissioning” - as this is in responsibility of system integrator
“Annex A-H:” - as it contains no requirements and work products
Relevant clauses are:
Clause 5: Organizational cybersecurity management#
- Requirements
- org_management_1status: validorg_management_2status: validorg_management_3status: validorg_management_4status: validorg_management_5status: validorg_management_6status: validorg_management_7status: validorg_management_8status: validorg_management_9status: valid
- Work products
- org_management_1status: validorg_management_2status: validorg_management_3status: validorg_management_4status: validorg_management_5status: valid
Clause 6: Project dependent cybersecurity management#
- Requirements
- prj_management_1status: validprj_management_2status: validprj_management_3status: validprj_management_4status: validprj_management_5status: validprj_management_6status: validprj_management_7status: validprj_management_8status: validprj_management_9status: validprj_management_10status: validprj_management_11status: validprj_management_12status: validprj_management_13status: validprj_management_14status: validprj_management_15status: validprj_management_16status: validprj_management_17status: validprj_management_18status: validprj_management_19status: validprj_management_20status: validprj_management_21status: validprj_management_22status: validprj_management_23status: validprj_management_24status: validprj_management_25status: valid
- Work products
- prj_management_1status: validprj_management_2status: validprj_management_3status: validprj_management_4status: valid
Clause 8: Continual cybersecurity activities#
- Requirements
- continual_1status: validcontinual_2status: validcontinual_3status: validcontinual_4status: validcontinual_5status: validcontinual_6status: validcontinual_7status: validcontinual_8status: valid
- Work products
- continual_1status: validcontinual_2status: validcontinual_3status: validcontinual_4status: validcontinual_5status: validcontinual_6status: valid
Clause 10: Product development#
- Requirements
- development_1status: validdevelopment_2status: validdevelopment_3status: validdevelopment_4status: validdevelopment_5status: validdevelopment_6status: validdevelopment_7status: validdevelopment_8status: validdevelopment_9status: validdevelopment_10status: validdevelopment_11status: validdevelopment_12status: validdevelopment_13status: valid
- Work products
- development_1status: validdevelopment_2status: validdevelopment_3status: validdevelopment_4status: validdevelopment_5status: validdevelopment_6status: validdevelopment_7status: valid
Clause 13: Operations and maintenance#
- Requirements
- maintenance_1status: validmaintenance_2status: validmaintenance_3status: valid
- Work products
- maintenance_1status: valid
Clause 15: Threat analysis and risk assessment methods#
Requirements
assessment_1status: validassessment_2status: validassessment_3status: validassessment_4status: validassessment_5status: validassessment_6status: validassessment_7status: validassessment_8status: validassessment_9status: validassessment_10status: valid- Work products
- assessment_1status: validassessment_2status: validassessment_3status: validassessment_4status: validassessment_5status: validassessment_6status: validassessment_7status: validassessment_8status: valid
Note
Titles of the ISO/SAE 21434 standard clauses are from official ISO website (search for “21434”).
Requirements and work products numbering as above is derived by the sequence as those are defined in the standard document. All work products of the relevant clauses are included in the list to enable the documentation of the project wide tailoring, but the related requirements are not included as these are not needed to be covered.
A mapping table to ISO 21434 numbering can be provided by S-CORE project on request for every holder of a ISO/SAE 21434 standard license.