Automotive SPICE for Cybersecurity 2nd edition 2025

Automotive SPICE® for Cybersecurity.
Part I: Process Reference and Assessment Model for Cybersecurity Engineering.
Part II: Rating Guidelines on Process Performance (Level 1) for Cybersecurity Engineering
2nd edition, March 2025 

The UNECE regulation R155 requires, among others, that the vehicle manufacturer identify and manage cybersecurity risks in the supply chain. Automotive SPICE is a process assessment model which helps to identify process-related product risks when used with an appropriate assessment method. To incorporate cybersecurity-related processes into the proven scope of Automotive SPICE, additional processes have been defined in a Process Reference and Assessment Model for Cybersecurity Engineering (Cybersecurity PAM).

Part I of this document supplements the Automotive SPICE® 4.0 for enabling the evaluation of cybersecurity-relevant development processes. A prerequisite for performing an assessment using the Automotive SPICE for Cybersecurity PAM is the existence of an Automotive SPICE assessment result for the recommended VDA scope. Otherwise, an assessment using both the Automotive SPICE for Cybersecurity PAM and Automotive SPICE PAM for the recommended VDA scope processes has to be performed.

Part II of this document complements the existing Automotive SPICE Guideline (2nd edition). It contains interpretation and rating guidelines for the processes defined in Part I. Chapters 1 "Application and interpretation of rating guidelines" and 2 "Key concepts and overall guidelines" of the Automotive SPICE Guideline (2nd edition) also apply to Part II and therefore are not repeated here.

You will find all others VDA standards and volumes here.