Skip to content
This part contains:
- Process description for TARA
- Template with examples for [WP-09-02] TARA which covers:
- [WP-15-01] Damage scenarios
- [WP-15-02] Assets with cybersecurity properties
- [WP-15-03] Threat scenarios
- [WP-15-04] Impact ratings with associated impact categories
- [WP-15-05] Attack paths
- [WP-15-06] Attack feasibility ratings
- [WP-15-07] Risk values
- [WP-15-08] Risk treatment decisions
- Verification review checklist for TARA (and all listed WPs)
This part contains:
- Process description for end of cybersecurity support and decommissioning
- Guideline with best practices for:
- [WP-14-01] Procedures to communicate the end of cybersecurity support
This part contains:
- Process description for operations and maintenance
- Template with examples for:
- [WP-13-01] Cybersecurity incident response plan
- Verification review checklists for [WP-13-01]
This part contains:
- Process description for production phase
- Guideline with best practices for:
- [WP-12-01] Production control plan
- Verification review checklists for [WP-12-01]
This part contains:
- Process description for cybersecurity validation
- Template with examples for:
- [WP-11-01] Validation report
- Verification review checklists for [WP-11-01]
This part contains:
- Process description for product development phase
- Guideline with best practices for:
- [WP-10-01] Cybersecurity specifications
- [WP-10-02] Cybersecurity requirements for post-development
- [WP-10-03] Documentation of the modelling, design, or programming languages and coding guidelines
- [WP-10-05] Weaknesses found during product development
- [WP-10-06] Integration and verification specification
- Template with examples for:
- [WP-10-04] Verification report for the cybersecurity specifications
- [WP-10-07] Integration and verification report
- Verification review checklists for [WP-10-01], [WP-10-03], [WP-10-05], [WP-10-06] and [WP-10-07]
This part contains:
- Process description for concept phase
- Guideline with best practices for:
- [WP-09-03] Cybersecurity goals
- [WP-09-04] Cybersecurity claims
- Template with examples for:
- [WP-09-01] Item definition
- [WP-09-02] TARA
- [WP-09-05] Verification report for cybersecurity goals
- [WP-09-06] Cybersecurity concept
- [WP-09-07] Verification report of cybersecurity concept
- Verification review checklists for [WP-09-01] and [WP-09-02]
This part contains:
- Process description for cybersecurity management
- Guideline with best practices for:
- [WP-05-01] Cybersecurity policy, rules and processes
- [WP-05-03] Evidence of the organization’s management systems
- Template with examples for:
- [WP-05-02] Evidence of competence management, awareness management and continuous improvement
- [WP-05-04] Evidence of tool management
- [WP-05-05] Organizational cybersecurity audit report
- Verification review checklists for [WP-05-01], [WP-05-02] , [WP-05-03] and [WP-05-04]
This part contains:
- Process description for cybersecurity project management
- Template with examples for:
- [WP-06-01] Cybersecurity plan
- [WP-06-02] Cybersecurity case
- [WP-06-03] Cybersecurity assessment report
- [WP-06-04] Release for post-development report
- Verification review checklists for [WP-06-01], [WP-06-02] and [WP-06-04]
This part contains:
- Process description for cybersecurity activities distribution
- Guideline with best practices for:
- Supplier capability
- Request for quotation
- Template with examples for:
- [WP-07-01] Cybersecurity interface agreement
- Verification review checklist
This part contains:
- Process description for continual cybersecurity activities
- Guideline with best practices for:
- [WP-08-01] Sources for cybersecurity information
- [WP-08-02] Triggers
- [WP-08-03] Cybersecurity events
- [WP-08-04] Weaknesses from cybersecurity events
- [WP-08-05] Vulnerability analysis
- Template with examples for:
- [WP-08-06] Evidence of managed vulnerabilities
- Verification review checklists for all work products
This part contains:
- General ISO21434 purpose
- Cybersecurity risk management overview
- Relationships between item, cybersecurity assets, goals etc.
