Automotive Cybersecurity Management System Audit - ACSMS ENG_2020, VDA QMC, 自動車サイバーセキュリティ管理システム監査, 2020
The increased connectivity of vehicles provides a multitude of possibilities to enhance vehicle functions (up to and including automated driving) and vehicle maintenance.
However, the extent to which the vehicle is connected to the environment increases the vehicle’s potential as a target of attacks and thereby the significance of cybersecurity in the automotive industry.
The United Nations Economic Commission for Europe - UNECE, reacted to the increasing cybersecurity challenges by founding the Task Force on Cyber Security and Over-the-Air issues.
This task force published the “Draft new UN Regulation on uniform provisions concerning the approval of vehicles with regard to cybersecurity”, which was passed in June 2020 and transferred to national law within the UNECE's jurisdiction.
The UNECE requires an audit of the cybersecurity management system (CSMS) of OEMs and an assessment with regard to cybersecurity as part of type approval. The OEM must also manage the dependencies with the contractual partners concerning the listed requirements.
This VDA volume defines the questionnaire and the rating scheme, which can be applied to the CSMS audit of both the OEM and the contractual partner. The cybersecurity assessment for type approval is not the subject matter here.