|Standard number:||Automotive SPICE for Cybersecurity|
Automotive SPICE for Cybersecurity 1st edition 2021
Automotive SPICE® for Cybersecurity
Part I: Process Reference and Assessment Model for Cybersecurity Engineering,
Part II: Rating Guidelines on Process Performance (Level 1) for Cybersecurity Engineering,
1st edition, August 2021
The UNECE regulation R155 requires, among others, that the vehicle manufacturer identify and manage cybersecurity risks in the supply chain. Automotive SPICE is a process assessment model, when used with an appropriate assessment method, which helps to identify process-related product risks. To incorporate cybersecurity-related processes into the proven scope of Automotive SPICE, additional processes have been defined in a Process Reference and Assessment Model for Cybersecurity Engineering (Cybersecurity PAM).
Part I of this document supplements the Automotive SPICE PAM 3.1 enabling the evaluation of cybersecurity-relevant development processes. A prerequisite for performing an assessment using the Automotive SPICE for Cybersecurity PAM is the existence of an ASPICE assessment result for the VDA scope with a comparable assessment scope. Otherwise, an assessment using both the Automotive SPICE for Cybersecurity PAM and ASPICE PAM for the VDA scope processes has to be performed.