Comprehensive Cybersecurity Management Guide

Uploaded by

lm
Copyright © All Rights Reserved

Activity AVCDL Phase Work Product Dependencies

Organization Culture
Organizational and Product Cybersecurity Management
WP-05-01 Cybersecurity policy, rules and processes RQ-05-01 RQ-05-02 RQ-05-03 RQ-05-04 RQ-05-05 RQ-05-06 RQ-05-07 RQ-05-08 RQ-05-09
WP-05-02 Evidence of competence management, awareness management and continuous improvement RQ-05-07 RQ-05-08
5.0 Overall Cybersecurity Management WP-05-03 Evidence of the organization’s management systems RQ-05-11 RQ-05-12
WP-05-04 Evidence of tool management RQ-05-14
WP-05-05 Organizational cybersecurity audit report RQ-05-17
WP-06-01 Cybersecurity plan RQ-06-01 RQ-06-02 RQ-06-03 RQ-06-04 RQ-06-05 RQ-06-06 RQ-06-07 RQ-06-09 RQ-06-10 RQ-06-11 RQ-06-12 RQ-06-14 RQ-06-15 RQ-06-16 RQ-06-17 RQ-06-18 RQ-06-19 RQ-06-20 RQ-06-21 RQ-06-22
WP-06-02 Cybersecurity case RQ-06-23
6.0 Project Dependent Cybersecurity Management
design WP-06-03 Cybersecurity assessment report RQ-06-24 RQ-06-25 RQ-06-26 RQ-06-27 RQ-06-28 RQ-06-30 RQ-06-31 RQ-06-32
release WP-06-04 Release for post-development report RQ-06-33 RQ-06-34
Supporting Processes
Distributed Activities
WP-07-X1 Supplier capability RQ-07-01
7.0 Distributed Cybersecurity Activities WP-07-X2 Supplier cybersecurity quote RQ-07-03
WP-07-01 Cybersecurity interface agreement RQ-07-04 RQ-07-06 RQ-07-07


Continuous Cybersecurity Activities
Continual Cybersecurity Activities
foundation WP-08-01 Sources for cybersecurity monitoring RQ-08-01
8.3 Cybersecurity Monitoring foundation WP-08-02 Triage triggers for cybersecurity monitoring RQ-08-02
foundation WP-08-03 Cybersecurity event triage RQ-08-03
8.4 Cybersecurity Event Assessment operation WP-08-04 Cybersecurity event assessment RQ-08-04
8.5 Vulnerability Analysis operation WP-08-05 Vulnerability analysis RQ-08-05 RQ-08-06
design WP-08-06 Vulnerability management RQ-08-07
8.6 Vulnerability Management
design WP-08-X1 Apply incident response protocols RQ-08-08
Concept and Product Development Phases
9.3 Item Definition requirements WP-09-01 Item definition RQ-09-01 RQ-09-02
design WP-09-02 Threat analysis and risk assessment RQ-09-03 RQ-09-04
design WP-09-03 Cybersecurity goals RQ-09-05
Concept

9.4 Cybersecurity Goals


design WP-09-04 Cybersecurity claims RQ-09-06
design WP-09-05 Verification report RQ-09-07
design WP-09-06 Cybersecurity concept RQ-09-08 RQ-09-09 RQ-09-10
9.5 Cybersecurity Concept
design WP-09-07 Verification report of cybersecurity concept RQ-09-11
Product Development, Cybersecurity Validation
design WP-10-01 Refined cybersecurity specification RQ-10-01 RQ-10-02
requirements WP-10-02 Cybersecurity requirements for post-development RQ-10-03
10.4.1 Refinement of Cybersecurity Requirements and Architectural Design
foundation WP-10-03 Documentation of the modelling, design, or programming languages and coding guidelines RQ-10-04 RQ-10-05
verification WP-10-04 Verification report for the refined cybersecurity specification RQ-10-08
verification WP-10-05 Vulnerability analysis report RQ-10-07 RC-10-12 RQ-10-13
10.4.2 Integration and Verification implementation WP-10-06 Integration and verification specification RQ-10-10
implementation WP-10-07 Integration and verification reports RQ-10-09 RQ-10-11 RC-10-12 RQ-10-13
11.0 Cybersecurity Validation of the Item at Vehicle Level verification WP-11-01 Validation report RQ-11-01 RQ-11-02
Post-Development Phases
Production, Operations and Maintenance, End of Cybersecurity Support and Decommissioning
foundation WP-12-01 Production control plan RQ-12-01 RQ-12-02
12.0 Production
operation WP-12-X1 Production control plan implementation RQ-12-03
foundation WP-13-01 Cybersecurity incident response plan RQ-13-01
13.3 Cybersecurity Incident Response
operation WP-13-X1 Cybersecurity incident response plan implementation RQ-13-02
13.4 Updates operation WP-13-X2 Update plan RQ-13-03
14.3 End of Cybersecurity Support foundation WP-14-01 Procedures to communicate end of cybersecurity support RQ-14-01
14.4 Decommissioning foundation WP-14-X1 Decommissioning implications RQ-14-02
Threat Analysis and Risk Assessment Methods
design WP-15-01 Damage scenarios RQ-15-01
15.3 Asset Identification
design WP-15-02 Identified assets and cybersecurity properties RQ-15-02
15.4 Threat Scenario Identification design WP-15-03 Threat scenarios RQ-15-03
15.5 Impact Rating design WP-15-04 Impact rating, including the associated impact categories of the damage scenarios RQ-15-04 RQ-15-05 RQ-15-06
15.6 Attack Path Analysis design WP-15-05 Identified attack paths RQ-15-08 RQ-15-09
15.7 Attack Feasibility Rating design WP-15-06 Attack feasibility rating RQ-15-10
15.8 Risk Determination design WP-15-07 Risk values RQ-15-15 RQ-15-16
15.9 Risk Treatment Decision design WP-15-08 Risk treatment decision per threat scenario RQ-15-17

should be requirement
requirement without work product
work product missing
434 Activity
Organization Culture
Organizational Cybersecurity Management
5.4.1 Cybersecurity Governance WP-05-01
5.4.3 Cybersecurity Risk Management WP-05-01
5.4.5 Information Sharing WP-05-01
5.4.2 Cybersecurity Culture WP-05-02
5.4.4 Organizational Cybersecurity Audit WP-05-03
5.4.6 Management Systems WP-05-04
5.4.7 Tool Management WP-05-05


Project Dependent Cybersecurity Management
6.4.1 Cybersecurity Responsibilities and Their Management WP-06-01
6.4.2 Cybersecurity Planning WP-06-01
6.4.3 Tailoring of the Cybersecurity Activities WP-06-01
6.4.4 Reuse WP-06-01
6.4.5 Component Out-of-Context WP-06-01
6.4.6 Off-the-Shelf Component WP-06-01
6.4.7 Cybersecurity Case WP-06-02
6.4.8 Cybersecurity Assessment WP-06-03
6.4.9 Release for Post-development WP-06-04
Supporting Processes
Distributed Cybersecurity Activities
7.4.1 Demonstration and Evaluation of Supplier Capability WP-07-X1
7.4.2 Request for Quotation WP-07-X2
7.4.3 Alignment of Responsibilities WP-07-01


Continuous Cybersecurity Activities
Continual Cybersecurity Activities
WP-08-01
8.3 Cybersecurity Monitoring WP-08-02
WP-08-03
8.4 Cybersecurity Event Assessment WP-08-04


8.5 Vulnerability Analysis WP-08-05
WP-08-06
8.6 Vulnerability Management
WP-08-X1
Concept and Product Development Phases
9.3 Item Definition WP-09-01
WP-09-02
WP-09-03
Concept

9.4 Cybersecurity Goals


WP-09-04
WP-09-05
WP-09-06
9.5 Cybersecurity Concept
WP-09-07
WP-10-01
Product Development, Cybersecurity Validation
WP-10-02
10.4.1 Refinement of Cybersecurity Requirements and Architectural Design
WP-10-03
WP-10-04
WP-10-05
10.4.2 Integration and Verification
WP-10-06
10.4.3 Specific Requirements for Software Development WP-10-07
11.0 Cybersecurity Validation of the Item at Vehicle Level WP-11-01
Post-Development phases
Production, Operations and Maintenance, End of Cybersecurity Support and Decommissioning
WP-12-01
12.0 Production
WP-12-X1
WP-13-01
13.3 Cybersecurity Incident Response
WP-13-X1
13.4 Updates WP-13-X2
14.3 End of Cybersecurity Support WP-14-01
14.4 Decommissioning WP-14-X1
Threat Analysis and Risk Assessment Methods
WP-15-01
15.3 Asset Identification
WP-15-02
15.4 Threat Scenario Identification WP-15-03
15.5 Impact Rating WP-15-04
15.6 Attack Path Analysis WP-15-05
15.7 Attack Feasibility Rating WP-15-06
15.8 Risk Determination WP-15-07
15.9 Risk Treatment Decision WP-15-08

should be in supporting processes


unanchored requirements
no associated requirement
434 Work Product

Cybersecurity policy, rules and processes


Cybersecurity policy, rules and processes
Cybersecurity policy, rules and processes
Evidence of competence management, awareness management and continuous improvement
Organizational cybersecurity audit report
Evidence of the organization’s management systems

Evidence of tool management


Cybersecurity plan
Cybersecurity plan
Cybersecurity plan
Cybersecurity plan
Cybersecurity plan

Cybersecurity plan

Cybersecurity case
Cybersecurity assessment report
Release for post-development report

Supplier capability

Supplier cybersecurity quote

Cybersecurity interface agreement

Sources for cybersecurity monitoring


Triage triggers for cybersecurity monitoring
Cybersecurity event triage
Cybersecurity event assessment
Vulnerability analysis
Vulnerability management
Apply incident response protocols

Item definition
Threat analysis and risk assessment
Cybersecurity goals
Cybersecurity claims
Verification report
Cybersecurity concept
Verification report of cybersecurity concept
Refined cybersecurity specification
Cybersecurity requirements for post-development
Documentation of the modelling, design, or programming languages and coding guidelines
Verification report for the refined cybersecurity specification
Vulnerability analysis report
Integration and verification specification
Integration and verification reports
Validation report

Production control plan


Production control plan implementation
Cybersecurity incident response plan
Cybersecurity incident response plan implementation
Update plan
Procedures to communicate end of cybersecurity support
decommissioning cybersecurity requirements

Damage scenarios
Identified assets and cybersecurity properties
Threat scenarios
Impact rating, including the associated impact categories of the damage scenarios
Identified attack paths
Attack feasibility rating
Risk values
Risk treatment decision per threat scenario
262 Activity 262 Wor

2-5.5.1
2-5.5.1
2-5.4.3 Management of safety anomalies regarding functional safety 2-5.5.1
2-5.4.2 Safety culture 2-5.5.1
2-5.4.4 Competence management 2-5.5.2
2-6.4.11 Functional safety audit 2-6.5.5
2-5.4.5 Quality management system 2-5.5.3
2-5.4.6 Project-independent tailoring of safety lifecycle 2-5.5.3
8-11.4.1-5 Software tool criteria evaluation 8-11.5.1
8-11.4.6-9 Software tool qualification 8-11.5.2
2-6.4.6 Planning and coordination of the safety activities 2-6.5.3
2-6.4.6 Planning and coordination of the safety activities 2-6.5.3
2-6.4.5 Tailoring of the safety activities 2-6.5.3
[Link] Reuse of an existing element 2-6.5.2
8-16-4.2-4 Safety case 8-16-5-1
8-12.4.2 Specification of software component qualification 8-12-5.1
8-12.4.2 Specification of software component qualification 8-12.5.2
8-12.4.3 Verification of qualification of a software component 8-12.5.3
2-6.4.8 Safety case 2-6.5.4
2-6.4.12 Functional safety assessment 2-6.5.5
2-6.4.9 Confirmation measures 2-6.5.5
2-6.4.13 Release for production 2-6.5.6

8-[Link] Supplier Selection Criteria 8-5.5.1


8-[Link] Supplier RFQ 8-5.5.1
8-5.4.3 Initiation and planning of distributed development 8-5.5.2
8-[Link] Safety assessment responsibility 8-5.5.2
8-[Link] Safety assessment planning 8-5.5.2
262 Work Product

Organization-specific rules and processes for functional safety
Organization-specific rules and processes for functional safety
Organization-specific rules and processes for functional safety
Organization-specific rules and processes for functional safety
Evidence of competence management
Confirmation measure reports
Evidence of a quality management system
Evidence of a quality management system
Software tool criteria evaluation report
Software tool qualification report
Safety plan
Safety plan
Safety plan
Impact analyses at element level
Safety rationale
Software component documentation
Software component qualification report
Software component qualification verification report
Safety case
Confirmation measure reports
Confirmation measure reports
Release for production report

Supplier selection report


Supplier selection report
Developer interface agreement
Developer interface agreement
Developer interface agreement
WP.29 R155 CSMS

[Link](b)

[Link](d)

[Link](h)

[Link](b)
[Link](e)
[Link](a)

[Link](g)

[Link](a)
[Link](c)

[Link](f)
[Link]

[Link]

[Link]
RQ-05-01 cybersecurity policy X
Organizational Cybersecurity Management

RQ-05-02 organization-specific rules / processes X


RQ-05-03 roles and responsibilities X
RQ-05-04 cybersecurity resources
WP-05-01 RQ-05-05 establish communication channels
RQ-05-06 cybersecurity culture X
RQ-05-07 ensure competency X
RQ-05-08 continuous improvement process X
RQ-05-09 define information sharing criteria
RQ-05-07 ensure competency X
WP-05-02
RQ-05-08 continuous improvement process X
RQ-05-11 quality management system X
WP-05-03
RQ-05-12 track product cybersecurity status until EoL
WP-05-04 RQ-05-14 manage tools
WP-05-05 RQ-05-17 cybersecurity audit
RQ-06-01 assign project responsibilities
RQ-06-02 identify security-relevant components
RQ-06-03 cybersecurity plan content
RQ-06-04 assign project tracking responsibilities
RQ-06-05 cybersecurity plan style
RQ-06-06 include security in project plan
RQ-06-07 keep cybersecurity plan updated
RQ-06-09 keep cybersecurity work products updated X
RQ-06-10 cybersecurity supplier interface definition X
Project Dependent Cybersecurity Management

RQ-06-11 cybersecurity plan in QMS


WP-06-01
RQ-06-12 work products in QMS
RQ-06-14 tailored activity justification
RQ-06-15 reuse analysis
RQ-06-16 reuse analysis composition 1
RQ-06-17 reuse analysis composition 2
RQ-06-18 out-of-context tailored activities
RQ-06-19 out-of-context development
RQ-06-20 out-of-context integration
RQ-06-21 off-the-shelf component use
RQ-06-22 OTS component document deficiency
WP-06-02 RQ-06-23 cybersecurity case
RQ-06-24 per component assessment rationale
RQ-06-25 component assessment rationale review
RQ-06-26 component assessment sufficiency
RQ-06-27 assessor independence
WP-06-03
RQ-06-28 assessment-necessary information access
RQ-06-30 assessment scope
RQ-06-31 assessment recommendations
RQ-06-32 conditional acceptance
RQ-06-33 work product required before release
WP-06-04
RQ-06-34 evidence required before release
Distributed Cybersecurity Activities
WP-07-X1 RQ-07-01 evaluate supplier cybersecurity capability
WP-07-X2 RQ-07-03 supplier cybersecurity quote
RQ-07-04 supplier cybersecurity interface agreement X
WP-07-01 RQ-07-06 supplier vulnerability activities X
RQ-07-07 extra-security CIA conflict
Continual Cybersecurity Activities
WP-08-01 RQ-08-01 cybersecurity monitoring sources X
WP-08-02 RQ-08-02 cybersecurity triage triggers X
WP-08-03 RQ-08-03 cybersecurity event triage X X
WP-08-04 RQ-08-04 cybersecurity event assessment X


RQ-08-05 identified weakness analysis X X
WP-08-05
RQ-08-06 weakness rejection rationale X X
WP-08-06 RQ-08-07 vulnerability management X
WP-08-X1 RQ-08-08 apply incident response protocols
RQ-09-01 item definition
WP-09-01
RQ-09-02 item operational information
RQ-09-03 item analysis
WP-09-02
RQ-09-04 risk treatment
WP-09-03 RQ-09-05 risk treatment to cybersecurity goal mapping X
Concept

WP-09-04 RQ-09-06 cybersecurity claims X


WP-09-05 RQ-09-07 goals / claims verification report X
RQ-09-08 cybersecurity requirements to goals mapping X
WP-09-06 RQ-09-09 requirements operational information
RQ-09-10 attach requirements to components
WP-09-07 RQ-09-11 requirements allocation verification report
RQ-10-01 refined cybersecurity requirements X
WP-10-01
RQ-10-02 requirement component allocation
WP-10-02 RQ-10-03 post-development security consideration
RQ-10-04 tool selection criteria
WP-10-03
Product Development

RQ-10-05 tool insufficiency mitigation


WP-10-04 RQ-10-08 cybersecurity specification verification
RQ-10-07 cybersecurity requirement verification
WP-10-05 RC-10-12 verification of weakness minimization
RQ-10-13 documented rationale for not testing
WP-10-06 RQ-10-10 integration and verification specification
RQ-10-09 verification of requirements fulfillment
RQ-10-11 test coverage metrics
WP-10-07
RC-10-12 verification of weakness minimization
RQ-10-13 documented rationale for not testing
Cybersecurity Validation
RQ-11-01 validation activities X X
WP-11-01
RQ-11-02 validation activities rationale X


Production
RQ-12-01 production control plan X
WP-12-01
RQ-12-02 production control plan specification X
WP-12-X1 RQ-12-03 production control plan implementation X
Operations and Maintenance
WP-13-01 RQ-13-01 incident response plan X
WP-13-X1 RQ-13-02 incident response plan implementation X
WP-13-X2 RQ-13-03 update plan
End of Cybersecurity Support and Decommissioning
WP-14-01 RQ-14-01 procedures to communicate cybersecurity EoS
WP-14-X1 RQ-14-02 decommissioning cybersecurity requirements
Threat Analysis and Risk Assessment Methods
WP-15-01 RQ-15-01 damage scenarios X
WP-15-02 RQ-15-02 asset identification X
WP-15-03 RQ-15-03 threat scenario identification X
RQ-15-04 damage scenario impact analysis X
WP-15-04 RQ-15-05 damage scenario impact severity X
RQ-15-06 safety impact assignment
RQ-15-08 attack path identification X
WP-15-05
RQ-15-09 attack path mapped to threat scenario X
WP-15-06 RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
WP-15-07
RQ-15-16 risk value scale X
WP-15-08 RQ-15-17 risk treatment considerations X

out of scope
no WP.29 product
WP.29 product match
Organizational and Product Cybersecurity Management
Distributed Activities
Continual Cybersecurity Activities
Concept
Product Development, Cybersecurity Validation
Production, Operations and Maintenance, End of Cybersecurity Support and Decommissioning
Threat Analysis and Risk Assessment Methods
AVCDL requirement
AVCDL phase

WP-07-X1
WP-07-X2

WP-08-X1

WP-12-X1

WP-13-X1
WP-13-X2

WP-14-X1
WP-05-01
WP-05-02
WP-05-03
WP-05-04
WP-05-05
WP-06-01
WP-06-02
WP-06-03
WP-06-04

WP-07-01

WP-08-01
WP-08-02
WP-08-03
WP-08-04
WP-08-05
WP-08-06

WP-09-01
WP-09-02
WP-09-03
WP-09-04
WP-09-05
WP-09-06
WP-09-07

WP-10-01
WP-10-02
WP-10-03
WP-10-04
WP-10-05
WP-10-06
WP-10-07
WP-11-01

WP-12-01

WP-13-01

WP-14-01

WP-15-01
WP-15-02
WP-15-03
WP-15-04
WP-15-05
WP-15-06
WP-15-07
WP-15-08
Title
1 Training X X
2 Roles and Responsibilities X X
3 Toolchain Support X X
4 Definition of Security Requirements
Foundation

5 Protect the Code


6 Ensure Release Integrity X
7 Incident Response Plan X X X X
8 Decommissioning Plan X X
9 Threat Prioritization Plan X
10 Deployment Plan X X
Requirements
1 Security Requirements Definition X X
2 Requirements Gate
Design
1 Apply Security Requirements and Risk Information to Design X X X
2 Security Design Review X X X
3 Attack Surface Reduction
4 Threat Modeling X X X X X X X X X X
5 Design Gate
1 Use Approved Tools X
2 Configure the Compilation and Build Process to Improve Executable Security
3 Use Secure Settings by Default
4 Reuse Existing, Well-Secured Software When Feasible Instead of Duplicating Functionality
Implementation

5 Code Securely
6 Deprecate Unsafe Functions
7 Static Analysis
8 Dynamic Program Analysis
9 Security Code Review
10 Fuzz Testing
11 Implementation Gate X
1 Penetration Testing X
Verification

2 Threat Model Review X X X


3 Attack Surface Analysis Review X X X
4 Verification Gate X X
1 Final Security Review X
Release

2 Archive
3 Release Gate
1 Identify and Confirm Vulnerabilities on an Ongoing Basis X X X X X
Operation

2 Assess and Prioritize the Remediation of all Vulnerabilities X X X X


3 Analyze Vulnerabilities to Identify Their Root Causes X X X X
Decommissioning

4 Secure Deployment X
1 Apply Decommissioning Protocol
1 AVCMDS X
Supplier

2 Supplier Self-reported Maturity X


3 Cybersecurity Interface Agreement X X

out of scope (Note: these will be added to '262 corresponding processes)


no 434 product
434 product match
Organizational and Product
Cybersecurity Management
AVCDL requirement
AVCDL product
AVCDL phase

WP-05-01
WP-05-02
WP-05-03
WP-05-04
WP-05-05
Title
1 training catalog X X
1
2 system to track training participation X X
2 1 roles and responsibilities document X
3 1 list of approved tools and components X
1 global security goals
4
Foundation

2 global security requirements


5 1 code protection plan
6 1 release integrity plan
1 cybersecurity monitoring plan
7
2 incident response plan
8 1 decommissioning plan
9 1 threat prioritization plan
10 1 deployment plan
Requirements

1 product-level security goals


1
2 product-level security requirements
2 1 requirements phase gate
1 1 design showing security considerations
2 1 security design review report
3 1 attack surface analysis report
Design

1 threat modeling report


4 2 ranked/risked threat report
3 threat report
5 1 design phase gate
1 1 list of tools and components used X
2 1 build process documentation
3 1 secure setting document
4 1 component/version - product/version cross-reference document
Implementation

5 1 secure development
6 1 currently used deprecated functions document
7 1 static analysis report
8 1 dynamic analysis report
9 1 secure code review summary
10 1 fuzz testing report
11 1 implementation phase gate
1 1 penetration testing report
Verification

2 1 updated threat model


3 1 updated attack surface analysis
4 1 verification phase gate
1 1 final security review report
Release

2 1 archive manifest
3 1 release phase gate
1 1
Operation

2 X cybersecurity incident report


3 X
Decommissioning

4 1 software deployment report


1 1 decommissioning report
1 1 AVCMDS
Supplier

2 1 Supplier Self-reported Maturity


3 1 Cybersecurity Interface Agreement

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no 434 product
434 product match
X
WP-06-01
WP-06-02

X
WP-06-03
Organizational and Product
Cybersecurity Management

WP-06-04

WP-07-X1
WP-07-X2
Activities
Distributed

WP-07-01

X
WP-08-01

X
WP-08-02

X
WP-08-03

X
WP-08-04

X
Activities

WP-08-05

X
X
WP-08-06
Continual Cybersecurity

X
WP-08-X1

X
X
WP-09-01

X
WP-09-02

X
WP-09-03

X
WP-09-04
Concept

X
WP-09-05

X
WP-09-06

X
WP-09-07
X
WP-10-01
X

WP-10-02
X

WP-10-03
WP-10-04
Product Development,
Cybersecurity Validation
X
X

X X X X
X X X
X X X

X
X
X X

as supporting material
Product Development, Cybersecurity Validation
Production, Operations and Maintenance, End of Cybersecurity Support and Decommissioning
Threat Analysis and Risk Assessment Methods

WP-12-X1

WP-13-X1
WP-13-X2

WP-14-X1
WP-10-05
WP-10-06
WP-10-07
WP-11-01

WP-12-01

WP-13-01

WP-14-01

WP-15-01
WP-15-02
WP-15-03
WP-15-04
WP-15-05
WP-15-06
WP-15-07
WP-15-08
X .

X
X X

X X

X
X X X X X
X
X
X
X X
X X
X X

X
X
X
X
Foundation Requirements Design Implementation Verification Release Operation Decom Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

Supplier Self-reported Maturity


updated attack surface analysis
cybersecurity monitoring plan

secure code review summary


security design review report
attack surface analysis report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report

implementation phase gate


product-level security goals

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report
incident response plan

verification phase gate


decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
RQ-05-01 cybersecurity policy
Organizational Cybersecurity Management

RQ-05-02 organization-specific rules / policies


RQ-05-03 roles and responsibilities X in primary document
RQ-05-04 cybersecurity resources
WP-05-01 RQ-05-05 establish communication channels in primary document
RQ-05-06 cybersecurity culture
RQ-05-07 ensure competency X X in primary document
RQ-05-08 continuous improvement process in primary document
RQ-05-09 define information sharing criteria in primary document
RQ-05-07 ensure competency X X in primary document
WP-05-02
RQ-05-08 continuous improvement process in primary document
RQ-05-11 quality management system
WP-05-03
RQ-05-12 track product cybersecurity status until EoL
WP-05-04 RQ-05-14 manage tools X X
WP-05-05 RQ-05-17 cybersecurity audit
RQ-06-01 assign project responsibilities X in primary document
RQ-06-02 identify security-relevant components
RQ-06-03 cybersecurity plan content
RQ-06-04 assign project tracking responsibilities X in primary document
RQ-06-05 cybersecurity plan style
RQ-06-06 include security in project plan
RQ-06-07 keep cybersecurity plan updated
RQ-06-09 keep cybersecurity work products updated in primary document
RQ-06-10 cybersecurity supplier interface definition X
Project Dependent Cybersecurity Management

RQ-06-11 cybersecurity plan in QMS


WP-06-01
RQ-06-12 work products in QMS
RQ-06-14 tailored activity justification
RQ-06-15 reuse analysis
RQ-06-16 reuse analysis composition 1
RQ-06-17 reuse analysis composition 2
RQ-06-18 out-of-context tailored activities
RQ-06-19 out-of-context development
RQ-06-20 out-of-context integration
RQ-06-21 off-the-shelf component use
RQ-06-22 OTS component document deficiency
WP-06-02 RQ-06-23 cybersecurity case
RQ-06-24 per component assessment rationale X
RQ-06-25 component assessment rationale review X
RQ-06-26 component assessment sufficiency X
RQ-06-27 assessor independence X
WP-06-03
RQ-06-28 assessment-necessary information access X
RQ-06-30 assessment scope X
RQ-06-31 assessment recommendations X
RQ-06-32 conditional acceptance X
RQ-06-33 work product required before release X
WP-06-04
RQ-06-34 evidence required before release X
Distributed Cybersecurity Activities
WP-07-X1 RQ-07-01 evaluate supplier cybersecurity capability X X
WP-07-X2 RQ-07-03 supplier cybersecurity quote managed at organizational level
RQ-07-04 supplier cybersecurity interface agreement X
WP-07-01 RQ-07-06 supplier vulnerability activities X
RQ-07-07 extra-security CIA conflict X
Continual Cybersecurity Activities
WP-08-01 RQ-08-01 cybersecurity monitoring sources X
WP-08-02 RQ-08-02 cybersecurity triage triggers X
WP-08-03 RQ-08-03 cybersecurity event triage X X
WP-08-04 RQ-08-04 cybersecurity event assessment X X


RQ-08-05 identified weakness analysis X X X
WP-08-05
RQ-08-06 weakness rejection rationale X X X
WP-08-06 RQ-08-07 vulnerability management X X X X X X
WP-08-X1 RQ-08-08 apply incident response protocols X X X X
RQ-09-01 item definition X X
WP-09-01
RQ-09-02 item operational information X X
RQ-09-03 item analysis X
WP-09-02
RQ-09-04 risk treatment X X
WP-09-03 RQ-09-05 risk treatment to cybersecurity goal mapping X
Concept

WP-09-04 RQ-09-06 cybersecurity claims X


WP-09-05 RQ-09-07 goals / claims verification report X
RQ-09-08 cybersecurity requirements to goals mapping X
WP-09-06 RQ-09-09 requirements operational information X
RQ-09-10 attach requirements to components X
WP-09-07 RQ-09-11 requirements allocation verification report X
RQ-10-01 refined cybersecurity requirements X
WP-10-01
RQ-10-02 requirement component allocation X
WP-10-02 RQ-10-03 post-development security consideration X
RQ-10-04 tool selection criteria X
WP-10-03
Product Development

RQ-10-05 tool insufficiency mitigation X


WP-10-04 RQ-10-08 cybersecurity specification verification X X
RQ-10-07 cybersecurity requirement verification X X
WP-10-05 RC-10-12 verification of weakness minimization X X
RQ-10-13 documented rationale for not testing X X
WP-10-06 RQ-10-10 integration and verification specification X X X
RQ-10-09 verification of requirements fulfillment X X
RQ-10-11 test coverage metrics X X
Cybersecurity Validation

WP-10-07
RC-10-12 verification of weakness minimization X X
RQ-10-13 documented rationale for not testing X X
RQ-11-01 validation activities X
WP-11-01
RQ-11-02 validation activities rationale X
Production

RQ-12-01 production control plan X X


WP-12-01
RQ-12-02 production control plan specification X X
WP-12-X1 RQ-12-03 production control plan implementation X
Operations and Maintenance
WP-13-01 RQ-13-01 incident response plan X
WP-13-X1 RQ-13-02 incident response plan implementation X X X
WP-13-X2 RQ-13-03 update plan X
End of Cybersecurity Support and Decommissioning
WP-14-01 RQ-14-01 procedures to communicate cybersecurity EoS X
WP-14-X1 RQ-14-02 decommissioning cybersecurity requirements X
Threat Analysis and Risk Assessment Methods
WP-15-01 RQ-15-01 damage scenarios X
WP-15-02 RQ-15-02 asset identification X
WP-15-03 RQ-15-03 threat scenario identification X
RQ-15-04 damage scenario impact analysis X
WP-15-04 RQ-15-05 damage scenario impact severity X
RQ-15-06 safety impact assignment X
RQ-15-08 attack path identification X
WP-15-05
RQ-15-09 attack path mapped to threat scenario X
WP-15-06 RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
WP-15-07
RQ-15-16 risk value scale X
WP-15-08 RQ-15-17 risk treatment considerations X

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no 434 product
434 product match
ISO 26262 Part 2

2-5.4.2

2-E.3.3 [c]
2-E.3.2 [c]

2-E.3.4 [a]
2-E.3.3 [a]
2-E.3.2 [a]
2-E.3.1 [a]

2-E.3.3 [e]
2-E.3.3 [d]
2-E.3.3 [b]
2-E.3.2 [b]
2-E.3.1 [b]
coordinated OT
project planning

safety strategies

incident response
safety risking of threats
safety review of threats

cybersecurity strategies
threat countermeasures

identified countermeasures
threat process harmonization
effective communication channels

hardware/software design considerations


1

training catalog
1
2

system to track training participation


1
2

out of scope
roles and responsibilities document

no '262 product
X
1
3

list of approved tools and components

262 product match


1

global security goals


4

global security requirements


code protection plan
2 1 1
5 6

release integrity plan


Foundation

X
X
1

cybersecurity monitoring plan


7

X
X
2

incident response plan


1
8

decommissioning plan
X
1
9

threat prioritization plan


1
10

deployment plan
X
X

product-level security goals


1

X
X
X

product-level security requirements


1 2 1
2

requirements phase gate


Requirements

X
X
X
X
1
1

design showing security considerations


1
2

security design review report


X
X
1
3

attack surface analysis report


X
X
1

threat modeling report


Design

X
X
2
4

ranked/risked threat report


X
3

threat report
out of scope items for which the AVCDL provides material which may be used as supporting material
1
5

design phase gate


X
1
1

list of tools and components used


1
2

build process documentation


1
3

secure setting document


X
X
1
4

component/version - product/version cross-reference document


X

secure development
currently used deprecated functions document
static analysis report
Implementation

1 1 1 1
5 6 7 8

dynamic analysis report


1
9

secure code review summary


fuzz testing report
1 1
10 11

implementation phase gate


1
1

penetration testing report


updated threat model
updated attack surface analysis
Verification

1 1 1
2 3 4

verification phase gate

final security review report


archive manifest
Release

1 1 1
1 2 3

release phase gate


X
X
1
1

X
X

cybersecurity incident report


X
X
Operation

X X 1
2 3 4

software deployment report


1
1

decommissioning report

AVCMDS
Supplier Self-reported Maturity
Decom Supplier

1 1 1
1 2 3

Cybersecurity Interface Agreement


in primary document
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

Supplier Self-reported Maturity


updated attack surface analysis
cybersecurity monitoring plan

secure code review summary


security design review report
attack surface analysis report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report
product-level security goals

implementation phase gate

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report
incident response plan

verification phase gate


decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion


7.2.1 compliance verification
[Link](a) development phase CSMS X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
[Link](b) production phase CSMS X X X X X X X X X X X X
[Link](c) post-production CSMS X X X X X
[Link](a) cybersecurity management
[Link](b) risk identification X X X X X
[Link](c) risk assessment / treatment X X X X X
[Link](d) verification of risk management X X X
CSMS

[Link](e) cybersecurity testing X X X X X X X X


[Link](f) risk assessment kept current X X X X X
[Link](g) adaptable monitoring / response X X X X X X X
[Link](h) cybersecurity controls tracking X X X X X X X X X
[Link] timely risk mitigation
[Link](a) vehicle monitoring enrollment
[Link](b) threat extraction from vehicle logs
[Link] supplier deficiency management X X X
7.3.1 certificate of compliance
7.3.2 management of type
7.3.3 critical element risk assessment
Vehicle Types

7.3.4 type risk protection


7.3.5 hosted environments
7.3.6 sufficient testing
7.3.7(a) detect / prevent cyberattacks
7.3.7(b) vehicle cybersecurity monitoring
7.3.7(c) provide forensic capability
7.3.8 use standard crypto modules X X
Reporting

7.4.1 periodic monitoring report


7.4.2 approval defect reporting

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

updated attack surface analysis

Supplier Self-reported Maturity


cybersecurity monitoring plan

attack surface analysis report

secure code review summary


security design review report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report

implementation phase gate


product-level security goals

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report

verification phase gate


incident response plan
decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion no '434 requirements


7.2.1 compliance verification no '434 requirements
[Link](a) development phase CSMS X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
[Link](b) production phase CSMS X X X X X X X X X X X X X X
[Link](c) post-production CSMS X X X X X X X X X X X X X
1 fully documented approach X X
2 practical, usable, appropriate processes X X
3 practical, usable, achievable user behaviors X X
[Link](a) cybersecurity management
4 process freshness X X in primary document 8.7
5 freshness triggers X X
6 fail-secure processes X X
1 processes ensure risks attended to X X X X X
2 risk focused on impact at the system level X X X X X
[Link](b) risk identification 3 use of state-of-the-art methodologies X X X X X
4 type-specific risk assessment X X X X X
5 type-specific threat analysis X X X X X
1 requirements-pointing risk treatment X X X X X
2 security-relevant assets tracked X X X X X
3 security-relevant asset freshness X X X X X
4 supporting infrastructure X X X X X
[Link](c) risk assessment / treatment
5 importance-based prioritization X X X X X
6 risk based on up-to-date body of knowledge X X X X X
7 type-specific risk identification X X X X X
8 effective, repeatable processes X X X X X
1 significant conclusions communicated X X X X X
[Link](d) verification of risk management
2 risk process freshness X X X X X in primary document 8.7
1 long-term effectiveness X X X X X X X X X X
CSMS

2 appropriate testing methods X X X X X X X X X X


[Link](e) cybersecurity testing 3 third-party process verification X X X X X X X X X X
4 timely deficiency disposition X X X X X X X X X X
5 testing method freshness X X X X X X X X X X in primary document 8.7
1 risk assessment triggers (system changes) X X X X X X X X X in primary document 8.7
[Link](f) risk assessment kept current
2 risk assessment triggers (BoK changes) X X X X X X X X X in primary document 8.7
1 security-relevant data collected X X X X X X X X X X X X
2 third-party alerts addressed X X X X X X X X X X X X
3 queryable log data X X X X X X X X X X X X
4 periodic alert resolution X X X X X X X X X X X X
5 security-relevant alerts prioritized X X X X X X X X X X X X
[Link](g) adaptable monitoring / response 6 timely application of updates X X X X X X X X X X X X
7 cybersecurity monitoring X X X X X X X X X X X X
8 cybersecurity monitoring process metrics X X X X X X X X X X X X
9 monitoring staff appropriately trained X X X X X X X X X X X X
10 monitoring results shared appropriately X X X X X X X X X X X X
11 monitoring robustness freshness X X X X X X X X X X X X
[Link](h) cybersecurity controls tracking X X X X X X X X X X
[Link] timely risk mitigation X X X X X X
[Link](a) vehicle monitoring enrollment no '434 requirements
[Link](b) threat extraction from vehicle logs X X X
1 deep understanding of supply chain X X X
2 supply chain risks considered X X X
3 essential, relevant information provided X X X
[Link] supplier deficiency management
4 clear security asks X X X
5 effective communication / data sharing X X X
6 mutual incident response support X X X
7.3.1 certificate of compliance no '434 requirements
7.3.2 management of type X X X X X X X X X X
7.3.3 critical element risk assessment X X X X
Vehicle Types

7.3.4 type risk protection X X X X X X X


7.3.5 hosted environments X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
7.3.6 sufficient testing X X X X X
7.3.7(a) detect / prevent cyberattacks no '434 requirements support via AVCDL methodology
7.3.7(b) vehicle cybersecurity monitoring X
7.3.7(c) provide forensic capability X X X
7.3.8 use standard crypto modules X X no '434 requirements
Reporting

7.4.1 periodic monitoring report X X X X X X


7.4.2 approval defect reporting no '434 requirements

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
supplemental material
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

Supplier Self-reported Maturity


updated attack surface analysis
cybersecurity monitoring plan

secure code review summary


security design review report
attack surface analysis report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report

implementation phase gate


product-level security goals

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report
incident response plan

verification phase gate


decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion no '434 requirements


7.2.1 compliance verification no '434 requirements
[Link](a) development phase CSMS X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
[Link](b) production phase CSMS X X X X X X X X X X X X X X
[Link](c) post-production CSMS X X X X X X X X X X X X X
[Link](a) cybersecurity management X X
[Link](b) risk identification X X X X X
[Link](c) risk assessment / treatment X X X X X
[Link](d) verification of risk management X X X X X
CSMS

[Link](e) cybersecurity testing X X X X X X X X X X


[Link](f) risk assessment kept current X X X X X X X X X in primary document 8.7
[Link](g) adaptable monitoring / response X X X X X X X X X X X X
[Link](h) cybersecurity controls tracking X X X X X X X X X X
[Link] timely risk mitigation X X X X X X
[Link](a) vehicle monitoring enrollment no '434 requirements
[Link](b) threat extraction from vehicle logs X X X
[Link] supplier deficiency management X X X
7.3.1 certificate of compliance no '434 requirements
7.3.2 management of type X X X X X X X X X X
7.3.3 critical element risk assessment X X X X
Vehicle Types

7.3.4 type risk protection X X X X X X X


7.3.5 hosted environments X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
7.3.6 sufficient testing X X X X X
7.3.7(a) detect / prevent cyberattacks no '434 requirements support via AVCDL methodology
7.3.7(b) vehicle cybersecurity monitoring X
7.3.7(c) provide forensic capability X X X
7.3.8 use standard crypto modules X X no '434 requirements
Reporting

7.4.1 periodic monitoring report X X X X X X


7.4.2 approval defect reporting no '434 requirements

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
supplemental material
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

Supplier Self-reported Maturity


updated attack surface analysis
cybersecurity monitoring plan

secure code review summary


security design review report
attack surface analysis report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report

implementation phase gate


product-level security goals

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report
incident response plan

verification phase gate


decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion no '434 requirements


7.2.1 compliance verification no '434 requirements
[Link](a) development phase CSMS X X X X X X X X X X X X X X X X
[Link](b) production phase CSMS X X X
[Link](c) post-production CSMS X X X X X X X X X X
[Link](a) cybersecurity management X X
[Link](b) risk identification X X X
[Link](c) risk assessment / treatment X X
[Link](d) verification of risk management X X X
CSMS

[Link](e) cybersecurity testing X X X X X


[Link](f) risk assessment kept current X X X X X X X in primary document 8.7
[Link](g) adaptable monitoring / response X X X X X X X X X X
[Link](h) cybersecurity controls tracking X X
[Link] timely risk mitigation X X X X X X
[Link](a) vehicle monitoring enrollment no '434 requirements
[Link](b) threat extraction from vehicle logs X X X
[Link] supplier deficiency management X
7.3.1 certificate of compliance no '434 requirements
7.3.2 management of type X X X
7.3.3 critical element risk assessment X X X X
Vehicle Types

7.3.4 type risk protection X X


7.3.5 hosted environments X
7.3.6 sufficient testing X X
7.3.7(a) detect / prevent cyberattacks no '434 requirements support via AVCDL methodology
7.3.7(b) vehicle cybersecurity monitoring X
7.3.7(c) provide forensic capability X X X
7.3.8 use standard crypto modules no '434 requirements
Reporting

7.4.1 periodic monitoring report X X X X X X


7.4.2 approval defect reporting no '434 requirements

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

updated attack surface analysis

Supplier Self-reported Maturity


cybersecurity monitoring plan

attack surface analysis report

secure code review summary


security design review report

build process documentation

cybersecurity incident report


global security requirements

software deployment report


ranked/risked threat report

implementation phase gate


product-level security goals

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report

verification phase gate


incident response plan
decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion no '434 requirements


7.2.1 compliance verification no '434 requirements
clause 7 X X X
clause 9 X X X X X X X
[Link](a) development phase CSMS
clause 10 X X X X X X
clause 11 X
[Link](b) production phase CSMS clause 12 X X X
clause 8 X X X X X X X X
[Link](c) post-production CSMS clause 13 X X X X X
clause 14 X
RQ-05-01 cybersecurity policy
RQ-05-02 organization-specific rules / policies
[Link](a) cybersecurity management
RQ-05-06 cybersecurity culture
RQ-05-07 ensure competency X X
RQ-15-01 damage scenarios X
RQ-15-02 asset identification X
[Link](b) risk identification
RQ-15-03 threat scenario identification X
RQ-15-08 attack path identification X
RQ-09-05 risk treatment to cybersecurity goal mapping X
RQ-09-06 cybersecurity claims X
RQ-15-04 damage scenario impact analysis X
RQ-15-05 damage scenario impact severity X
[Link](c) risk assessment / treatment
RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
RQ-15-16 risk value scale X
RQ-15-17 risk treatment considerations X
RQ-09-07 goals / claims verification report X
[Link](d) verification of risk management RQ-09-11 requirements allocation verification report X
CSMS

RQ-11-01 validation activities X


RQ-10-09 verification of requirements fulfillment X X
[Link](e) cybersecurity testing RQ-10-10 integration and verification specification X X X
RQ-11-01 validation activities X
RQ-06-09 keep cybersecurity work products updated in primary document 8.7
[Link](f) risk assessment kept current RQ-07-06 supplier vulnerability activities X
RQ-08-07 vulnerability management X X X X X X
RQ-07-06 supplier vulnerability activities X
RQ-08-01 cybersecurity monitoring sources X
RQ-08-02 cybersecurity triage triggers X
RQ-08-03 cybersecurity event triage X X
RQ-08-04 cybersecurity event assessment X X
[Link](g) adaptable monitoring / response RQ-08-05 identified weakness analysis X X X
RQ-08-07 vulnerability management X X X X X X
RQ-08-08 apply incident response protocols X X X X
RQ-12-01 production control plan X X
RQ-13-01 incident response plan X
RQ-13-02 incident response plan implementation X X X
[Link](h) cybersecurity controls tracking RQ-08-03 cybersecurity event triage X X
RQ-08-07 vulnerability management X X X X X X
[Link] timely risk mitigation
RQ-08-08 apply incident response protocols X X X X
[Link](a) vehicle monitoring enrollment no '434 requirements
RQ-08-01 cybersecurity monitoring sources X
RQ-08-02 cybersecurity triage triggers X
[Link](b) threat extraction from vehicle logs
RQ-08-03 cybersecurity event triage X X
RQ-08-04 cybersecurity event assessment X X
RQ-06-10 cybersecurity supplier interface definition X
[Link] supplier deficiency management
RQ-07-04 supplier cybersecurity interface agreement X
7.3.1 certificate of compliance no '434 requirements
RQ-07-01 evaluate supplier cybersecurity capability X X
7.3.2 management of type RQ-07-04 supplier cybersecurity interface agreement X
RQ-07-06 supplier vulnerability activities X
RQ-15-01 damage scenarios X
RQ-15-02 asset identification X
RQ-15-03 threat scenario identification X
RQ-15-04 damage scenario impact analysis X
RQ-15-05 damage scenario impact severity X
RQ-15-06 safety impact assignment X
7.3.3 critical element risk assessment
RQ-15-08 attack path identification X
RQ-15-09 attack path mapped to threat scenario X
RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
Vehicle Types

RQ-15-16 risk value scale X


RQ-15-17 risk treatment considerations X
RQ-09-05 risk treatment to cybersecurity goal mapping X
RQ-09-08 cybersecurity requirements to goals mapping X
7.3.4 type risk protection
RQ-09-09 requirements operational information X
RQ-09-10 attach requirements to components X
7.3.5 hosted environments RQ-15-03 threat scenario identification X
RQ-10-09 verification of requirements fulfillment X X
RQ-10-11 test coverage metrics X X
7.3.6 sufficient testing RC-10-12 verification of weakness minimization X X
RQ-10-13 documented rationale for not testing X X
RQ-11-01 validation activities X
7.3.7(a) detect / prevent cyberattacks no '434 requirements support via AVCDL methodology
7.3.7(b) vehicle cybersecurity monitoring RQ-08-01 cybersecurity monitoring sources X
RQ-08-05 identified weakness analysis X X X
7.3.7(c) provide forensic capability
RQ-08-06 weakness rejection rationale X X X
7.3.8 use standard crypto modules no '434 requirements
X X
Reporting

RQ-08-04 cybersecurity event assessment


7.4.1 periodic monitoring report
RQ-08-07 vulnerability management X X X X X X
7.4.2 approval defect reporting no '434 requirements

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

component/version - product/version cross-reference document

currently used deprecated functions document


design showing security considerations
list of approved tools and components
system to track training participation

product-level security requirements


roles and responsibilities document

Cybersecurity Interface Agreement


list of tools and components used

Supplier Self-reported Maturity


updated attack surface analysis
cybersecurity monitoring plan

build process documentation

secure code review summary


security design review report
attack surface analysis report

cybersecurity incident report


global security requirements

software deployment report


product-level security goals

ranked/risked threat report

implementation phase gate

final security review report


penetration testing report
requirements phase gate

secure setting document


threat prioritization plan

decommissioning report
dynamic analysis report
threat modeling report
incident response plan

verification phase gate


decommissioning plan

updated threat model


release integrity plan
code protection plan

static analysis report


secure development
global security goals

release phase gate


fuzz testing report
design phase gate
deployment plan

archive manifest
training catalog

threat report

AVCMDS
General

7.1.1 UN regulation non-exclusion no '434 requirements


7.2.1 compliance verification no '434 requirements
RQ-07-01 evaluate supplier cybersecurity capability X X
RQ-07-02 supplier-provided capability documentation X X
RQ-07-03 supplier cybersecurity quote managed at organizational level
RQ-07-04 supplier cybersecurity interface agreement X
RQ-07-06 supplier vulnerability activities X
RQ-07-07 extra-security CIA conflict X
RQ-09-01 item definition X X
RQ-09-02 item operational information X X
RQ-09-03 item analysis X
RQ-09-04 risk treatment X X
RQ-09-05 risk treatment to cybersecurity goal mapping X
RQ-09-06 cybersecurity claims X
RQ-09-07 goals / claims verification report X
RQ-09-08 cybersecurity requirements to goals mapping X
RQ-09-09 requirements operational information X
[Link](a) development phase CSMS RQ-09-10 attach requirements to components X
RQ-09-11 requirements allocation verification report X
RQ-10-01 refined cybersecurity requirements X
RQ-10-02 requirement component allocation X
RQ-10-03 post-development security consideration X
RQ-10-08 cybersecurity specification verification X X
RQ-10-07 cybersecurity requirement verification X X
RC-10-12 verification of weakness minimization X X
RQ-10-13 documented rationale for not testing X X
RQ-10-10 integration and verification specification X X X
RQ-10-09 verification of requirements fulfillment X X
RQ-10-11 test coverage metrics X X
RQ-10-04 tool selection criteria X
RQ-10-05 tool insufficiency mitigation X
RQ-11-01 validation activities X
RQ-11-02 validation activities rationale X
RQ-12-01 production control plan X X
[Link](b) production phase CSMS RQ-12-02 production control plan specification X X
RQ-12-03 production control plan implementation X
RQ-08-01 cybersecurity monitoring sources X X
RQ-08-02 cybersecurity triage triggers X X
RQ-08-03 cybersecurity event triage X X X
RQ-08-04 cybersecurity event assessment X X X
RQ-08-05 identified weakness analysis X X X
RQ-08-06 weakness rejection rationale X X X
[Link](c) post-production CSMS RQ-08-07 vulnerability management X X X X X X X
RQ-08-08 apply incident response protocols X X X X
RQ-13-01 incident response plan X
RQ-13-02 incident response plan implementation X X X
RQ-13-03 update plan X
RQ-14-01 procedures to communicate cybersecurity EoS X
CSMS

RQ-14-02 decommissioning cybersecurity requirements X


RQ-05-01 cybersecurity policy
RQ-05-02 organization-specific rules / policies
[Link](a) cybersecurity management
RQ-05-06 cybersecurity culture
RQ-05-07 ensure competency X X
RQ-15-01 damage scenarios X
RQ-15-02 asset identification X
[Link](b) risk identification
RQ-15-03 threat scenario identification X
RQ-15-08 attack path identification X
RQ-09-05 risk treatment to cybersecurity goal mapping X
RQ-09-06 cybersecurity claims X
RQ-15-04 damage scenario impact analysis X
RQ-15-05 damage scenario impact severity X
[Link](c) risk assessment / treatment
RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
RQ-15-16 risk value scale X
RQ-15-17 risk treatment considerations X
RQ-09-07 goals / claims verification report X
[Link](d) verification of risk management RQ-09-11 requirements allocation verification report X
RQ-11-01 validation activities X
RQ-10-09 verification of requirements fulfillment X X
[Link](e) cybersecurity testing RQ-10-10 integration and verification specification X X X
RQ-11-01 validation activities X
RQ-06-09 keep cybersecurity work products updated in primary document 8.7
[Link](f) risk assessment kept current RQ-07-06 supplier vulnerability activities X
RQ-08-07 vulnerability management X X X X X X
RQ-07-06 supplier vulnerability activities X
RQ-08-01 cybersecurity monitoring sources X
RQ-08-02 cybersecurity triage triggers X
RQ-08-03 cybersecurity event triage X X
RQ-08-04 cybersecurity event assessment X X
[Link](g) adaptable monitoring / response RQ-08-05 identified weakness analysis X X X
RQ-08-07 vulnerability management X X X X X X
RQ-08-08 apply incident response protocols X X X X
RQ-12-01 production control plan X X
RQ-13-01 incident response plan X
RQ-13-02 incident response plan implementation X X X
[Link](h) cybersecurity controls tracking RQ-08-03 cybersecurity event triage X X
RQ-08-07 vulnerability management X X X X X X
[Link] timely risk mitigation
RQ-08-08 apply incident response protocols X X X X
[Link](a) vehicle monitoring enrollment no '434 requirements
RQ-08-01 cybersecurity monitoring sources X
RQ-08-02 cybersecurity triage triggers X
[Link](b) threat extraction from vehicle logs
RQ-08-03 cybersecurity event triage X X
RQ-08-04 cybersecurity event assessment X X
RQ-06-10 cybersecurity supplier interface definition X
[Link] supplier deficiency management
RQ-07-04 supplier cybersecurity interface agreement X
7.3.1 certificate of compliance no '434 requirements
RQ-07-01 evaluate supplier cybersecurity capability X X
7.3.2 management of type RQ-07-04 supplier cybersecurity interface agreement X
RQ-07-06 supplier vulnerability activities X
RQ-15-01 damage scenarios X
RQ-15-02 asset identification X
RQ-15-03 threat scenario identification X
RQ-15-04 damage scenario impact analysis X
RQ-15-05 damage scenario impact severity X
RQ-15-06 safety impact assignment X
7.3.3 critical element risk assessment
RQ-15-08 attack path identification X
RQ-15-09 attack path mapped to threat scenario X
RQ-15-10 attack feasibility rating X
RQ-15-15 risk value determination X
Vehicle Types

RQ-15-16 risk value scale X


RQ-15-17 risk treatment considerations X
RQ-09-05 risk treatment to cybersecurity goal mapping X
RQ-09-08 cybersecurity requirements to goals mapping X
7.3.4 type risk protection
RQ-09-09 requirements operational information X
RQ-09-10 attach requirements to components X
7.3.5 type risk countermeasures RQ-15-03 threat scenario identification X
RQ-10-09 verification of requirements fulfillment X X
RQ-10-11 test coverage metrics X X
7.3.6 sufficient testing RC-10-12 verification of weakness minimization X X
RQ-10-13 documented rationale for not testing X X
RQ-11-01 validation activities X
7.3.7(a) detect / prevent cyberattacks no '434 requirements support via AVCDL methodology
7.3.7(b) vehicle cybersecurity monitoring RQ-08-01 cybersecurity monitoring sources X
RQ-08-05 identified weakness analysis X X X
7.3.7(c) provide forensic capability
RQ-08-06 weakness rejection rationale X X X
7.3.8 use standard crypto modules no '434 requirements
RQ-08-04 cybersecurity event assessment X X
7.4.1 periodic monitoring report
RQ-08-07 vulnerability management X X X X X X
7.4.2 approval defect reporting no '434 requirements

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R155 requirement
R155 requirement match
[Matrix of AVCDL work products (rows) against R155 audit questions (columns); the cell marks did not survive extraction.]
Audit questions (columns): Q1.1 Q1.2 Q1.3 Q1.4 Q2.1 Q3.1 Q3.2 Q4.1 Q5.1 Q5.2 Q5.3 Q5.4 Q6.1 Q7.1 Q7.2 Q7.3 Q7.4 Q7.5 Q7.6 Q8.1 Q9.1
Question topics (pairing with question numbers not preserved): use of QMS; risk treatment; risk assessment; risk identification; supply chain CSMS; cybersecurity policy; cybersecurity culture; roles and responsibilities; cybersecurity monitoring; cybersecurity requirements; cybersecurity incident report; cybersecurity event response; cybersecurity event detection; cybersecurity response metrics; cybersecurity event assessment; verification of risk management; post-production phase processes; cybersecurity event management; cybersecurity risk assessment current; production phase requirements verification; development phase requirements verification
Work products (rows), by AVCDL phase:
Foundation: training catalog; system to track training participation; roles and responsibilities document; list of approved tools and components; global security goals; global security requirements; code protection plan; release integrity plan; cybersecurity monitoring plan; incident response plan; decommissioning plan; threat prioritization plan; deployment plan
Requirements: product-level security goals; product-level security requirements; requirements phase gate
Design: design showing security considerations; security design review report; attack surface analysis report; threat modeling report; ranked/risked threat report; threat report; design phase gate
Implementation: list of tools and components used; build process documentation; secure setting document; component/version - product/version cross-reference document; secure development; currently used deprecated functions document; static analysis report; dynamic analysis report; secure code review summary; fuzz testing report; implementation phase gate
Verification: penetration testing report; updated threat model; updated attack surface analysis; verification phase gate
Release: final security review report; archive manifest; release phase gate
Operation: cybersecurity incident report; software deployment report
Deco: decommissioning report
Supplier: AVCMDS; Supplier Self-reported Maturity; Cybersecurity Interface Agreement

out of scope
R155 question match
no R155 audit question

[Matrix of AVCDL work products (rows) against PAS5112 audit questions (columns); the cell marks did not survive extraction.]
Audit questions (columns): Q1.1 Q1.2 Q1.3 Q1.4 Q2.1 Q2.2 Q2.3 Q2.4 Q3.1 Q3.2 Q3.3 Q4.1 Q4.2 Q4.3 Q5.1 Q5.2 Q5.3 Q5.4 Q5.5 Q5.6 Q6.1
Question topics (pairing with question numbers not preserved): TARA; supply chain CSMS; cybersecurity policy; cybersecurity culture; release to production; cybersecurity monitoring; cybersecurity risk treatment; cybersecurity end of support; cybersecurity event detection; cybersecurity product updates; cybersecurity decommissioning; cybersecurity event assessment; cybersecurity incident response; post-development cybersecurity; cybersecurity risk determination; cybersecurity event management; cybersecurity project management; cybersecurity process management; cybersecurity requirements definition; cybersecurity requirements verification; cybersecurity goals / claims verification
Work products (rows), by AVCDL phase:
Foundation: training catalog; system to track training participation; roles and responsibilities document; list of approved tools and components; global security goals; global security requirements; code protection plan; release integrity plan; cybersecurity monitoring plan; incident response plan; decommissioning plan; threat prioritization plan; deployment plan
Requirements: product-level security goals; product-level security requirements; requirements phase gate
Design: design showing security considerations; security design review report; attack surface analysis report; threat modeling report; ranked/risked threat report; threat report; design phase gate
Implementation: list of tools and components used; build process documentation; secure setting document; component/version - product/version cross-reference document; secure development; currently used deprecated functions document; static analysis report; dynamic analysis report; secure code review summary; fuzz testing report; implementation phase gate
Verification: penetration testing report; updated threat model; updated attack surface analysis; verification phase gate
Release: final security review report; archive manifest; release phase gate
Operation: cybersecurity incident report; software deployment report
Deco: decommissioning report
Supplier: AVCMDS; Supplier Self-reported Maturity; Cybersecurity Interface Agreement

out of scope
PAS5112 question match
no PAS5112 audit question


Activity Work Product Dependencies
4 Organization Level Requirements
WP-4.4.1 Organizational rules and processes RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-4.4.2 Records of organizational management RQ-[Link] RQ-[Link] RQ-[Link]
WP-4.4.3 Documentation of continuous improvement RQ-[Link] RQ-[Link]
WP-4.4.4 Information sharing policy RQ-[Link]
WP-4.4.5 Audit report RQ-[Link]
5 Project Level Requirements
WP-5.4.1 Software update project plan RQ-[Link] RQ-[Link]
WP-5.4.2 Documentation of software update project RQ-[Link]
WP-5.4.3 Requirement tailoring rationale RQ-[Link]
WP-5.4.4 Interoperability confirmation documentation RQ-[Link]
WP-5.4.5 Documentation of integrity preservation process RQ-[Link]
6 Infrastructure
WP-6.4.1 Cybersecurity risk management documentation RQ-[Link]
WP-6.4.2 Vehicle configuration information documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-6.4.3 Software update campaign documentation RQ-[Link] RQ-[Link]
WP-6.4.4 Software update package documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-6.4.5 Failure recovery documentation RQ-[Link]
7 Software Development
WP-7.4.1 Risk management documentation RQ-[Link] RQ-[Link] RQ-[Link]
WP-7.4.2 Vehicle configuration information documentation RQ-[Link] RQ-[Link] RQ-[Link]
WP-7.4.3 Software update campaign documentation RQ-[Link] RQ-[Link]
WP-7.4.4 Software update package documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
8 Package Development
WP-8.4.1 Documentation of update package contents and targets RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-8.4.2 Minimum required software update package RQ-[Link] RQ-[Link] RQ-[Link]
WP-8.4.3 Verification and validation documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-8.4.4 Release approval documentation RQ-[Link]
9 Campaign Operations
WP-9.4.1 Software update campaign plan documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-9.4.2 Software update campaign execution documentation RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link] RQ-[Link]
WP-9.4.3 Software update campaign completion documentation RQ-[Link] RQ-[Link]

should be requirement
requirement without work product
work product missing
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

Column headings (AVCDL work products), by phase:
Foundation: training catalog; system to track training participation; roles and responsibilities document; list of approved tools and components; global security goals; global security requirements; code protection plan; release integrity plan; cybersecurity monitoring plan; incident response plan; decommissioning plan; threat prioritization plan; deployment plan
Requirements: product-level security goals; product-level security requirements; requirements phase gate
Design: design showing security considerations; security design review report; attack surface analysis report; threat modeling report; ranked/risked threat report; threat report; design phase gate
Implementation: list of tools and components used; build process documentation; secure setting document; component/version - product/version cross-reference document; secure development; currently used deprecated functions document; static analysis report; dynamic analysis report; secure code review summary; fuzz testing report; implementation phase gate
Verification: penetration testing report; updated threat model; updated attack surface analysis; verification phase gate
Release: final security review report; archive manifest; release phase gate
Operation: cybersecurity incident report; software deployment report
Deco: decommissioning report
Supplier: AVCMDS; Supplier Self-reported Maturity; Cybersecurity Interface Agreement
RQ-[Link] software updates done per 24089
RQ-[Link] update rules and processes
Organization Level Requirements

RQ-[Link] document management system


WP-4.4.1 RQ-[Link] privacy implications
RQ-[Link] configuration management system
RQ-[Link] change management process
RQ-[Link] quality management system
RQ-[Link] existing standards compliance 21434 compliance
WP-4.4.2 RQ-[Link] requirements management system
RQ-[Link] change management process
RQ-[Link] continuous improvement process
WP-4.4.3
RQ-[Link] continuous compliance process
WP-4.4.4 RQ-[Link] information sharing policy X
WP-4.4.5 RQ-[Link] independent audit 21434 compliance
RQ-[Link] project plan
WP-5.4.1
Project Level Requirements
X

RQ-[Link] roles and responsibilities in primary document


WP-5.4.2 RQ-[Link] update project document management 21434 compliance
WP-5.4.3 RQ-[Link] tailoring rationale 21434 compliance
WP-5.4.4 RQ-[Link] process interoperability X X
WP-5.4.5 RQ-[Link] deployment package integrity X X X X
WP-6.4.1 RQ-[Link] cybersecurity risk management X X X X X X
RQ-[Link] vehicle configuration management infrastructure X X
RQ-[Link] vehicle configuration integrity infrastructure X X
WP-6.4.2 RQ-[Link] vehicle configuration distribution infrastructure X X
RQ-[Link] systems/components dependency identification X X
RQ-[Link] package compatibility verification X X
Infrastructure

RQ-[Link] notification infrastructure


WP-6.4.3
RQ-[Link] update campaign results management infrastructure
RQ-[Link] package creation/storage infrastructure X X X X
RQ-[Link] package - target association infrastructure X X X X
RQ-[Link] campaign recipient identification infrastructure X X X X
WP-6.4.4
RQ-[Link] package distribution infrastructure X X X X
RQ-[Link] updateability determination infrastructure X X X X
RQ-[Link] update integrity infrastructure X X X X
WP-6.4.5 RQ-[Link] failure recovery infrastructure
RQ-[Link] functional safety risk management
WP-7.4.1 RQ-[Link] misuse safety risk management
RQ-[Link] cybersecurity risk management X X X X X X R155 compliance
RQ-[Link] vehicle configuration extraction process
WP-7.4.2 RQ-[Link] extracted vehicle configuration integrity
RQ-[Link] update component identification process
Software Development

RQ-[Link] related party communication process


WP-7.4.3
RQ-[Link] in-vehicle update go-ahead process
RQ-[Link] update distribution process X X X X
RQ-[Link] update operation process X X X X
RQ-[Link] update conditions met process X X X X
RQ-[Link] multiple access request arbitration process X X X X
RQ-[Link] update download interruption process X X X X
WP-7.4.4
RQ-[Link] integrity / authenticity verification process X X X X
RQ-[Link] integrity of update contents process X X X X
RQ-[Link] update compatibility check process X X X X
RQ-[Link] vehicle safe throughout update process X X X X
RQ-[Link] in-vehicle update failure safety process X X X X
RQ-[Link] list of updated components X X X
RQ-[Link] SBOM X SBOM elaboration document
RQ-[Link] existing software / hardware compatibility
RQ-[Link] existing software / hardware dependencies
WP-8.4.1
RQ-[Link] necessary in-vehicle resources and conditions
RQ-[Link] update distribution method constraints
RQ-[Link] required update cybersecurity actions X X X
Package Development

RQ-[Link] required update user actions


RQ-[Link] update package creation process X X X X
WP-8.4.2 RQ-[Link] update scope enforcement process
RQ-[Link] update package unique identifier
RQ-[Link] pre-release V&V X X X X X X
RQ-[Link] update compatibility check
RQ-[Link] update dependency check
RQ-[Link] update resource requirements
WP-8.4.3
RQ-[Link] deployment failure implications
RQ-[Link] update package content scope check
RQ-[Link] update cybersecurity actions verified and validated X X X X X X
RQ-[Link] update user actions verified and validated
WP-8.4.4 RQ-[Link] V&V gate(s) X X
RQ-[Link] software update purpose
RQ-[Link] roles and responsibilities X in primary document
RQ-[Link] update package components X
RQ-[Link] update package components approval for release X
RQ-[Link] hardware/software versions to be replaced
RQ-[Link] update methodology
RQ-[Link] update target identification
WP-9.4.1 RQ-[Link] update conditions/resources needed
RQ-[Link] system/software dependencies
RQ-[Link] update failure corrective actions
RQ-[Link] update cybersecurity measures required X X X X
RQ-[Link] special equipment/training required
RQ-[Link] user confirmation requirements
RQ-[Link] communications plan
Campaign Operations

RQ-[Link] software update plan


RQ-[Link] current vehicle configuration determination
RQ-[Link] vehicles matching target configuration
RQ-[Link] completion of clause 8 requirements
RQ-[Link] per plan update distribution
RQ-[Link] update conditions sufficiency
RQ-[Link] arbitration of multiple requests to ensure safety
RQ-[Link] update package integrity / authenticity verification
RQ-[Link] update package dependency satisfactions
WP-9.4.2 RQ-[Link] communication of update availability
RQ-[Link] user informed prior to update attempt
RQ-[Link] update process user authorization
RQ-[Link] required user actions for update communicated
RQ-[Link] updating personnel qualifications verification
RQ-[Link] update failure corrective actions taken
RQ-[Link] update progress status obtained
RQ-[Link] timely update results reporting
RQ-[Link] communication of update information/changes
RQ-[Link] update campaign records management/storage
WP-9.4.3
RQ-[Link] end of campaign communication

out of scope Note: managed at the organizational level or by a different group within the organization
out of scope items for which the AVCDL provides material which may be used as supporting material
no 089 product
089 product match
Foundation Requirements Design Implementation Verification Release Operation Deco Supplier
1 2 3 4 5 6 7 8 9 10 1 2 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 1 2 3 1 2 3 4 1 1 2 3
1 2 1 1 1 2 1 1 1 2 1 1 1 1 2 1 1 1 1 1 2 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X X 1 1 1 1 1

Column headings (AVCDL work products), by phase:
Foundation: training catalog; system to track training participation; roles and responsibilities document; list of approved tools and components; global security goals; global security requirements; code protection plan; release integrity plan; cybersecurity monitoring plan; incident response plan; decommissioning plan; threat prioritization plan; deployment plan
Requirements: product-level security goals; product-level security requirements; requirements phase gate
Design: design showing security considerations; security design review report; attack surface analysis report; threat modeling report; ranked/risked threat report; threat report; design phase gate
Implementation: list of tools and components used; build process documentation; secure setting document; component/version - product/version cross-reference document; secure development; currently used deprecated functions document; static analysis report; dynamic analysis report; secure code review summary; fuzz testing report; implementation phase gate
Verification: penetration testing report; updated threat model; updated attack surface analysis; verification phase gate
Release: final security review report; archive manifest; release phase gate
Operation: cybersecurity incident report; software deployment report
Deco: decommissioning report
Supplier: AVCMDS; Supplier Self-reported Maturity; Cybersecurity Interface Agreement
RQ-[Link] update rules and processes
[Link] information documented and secured RQ-[Link] existing standards compliance 21434 compliance
RQ-[Link] document management system
RQ-[Link] configuration management system
[Link] software/hardware information identified
RQ-[Link] vehicle configuration management infrastructure
[Link] RXSWIN access and update no '089 requirements
[Link] RXSWIN verification no '089 requirements
RQ-[Link] systems/components dependency identification
[Link] system dependency tracking RQ-[Link] existing software / hardware dependencies
Processes

RQ-[Link] system/software dependencies


RQ-[Link] list of updated components X X X
[Link] update target vehicle identification
RQ-[Link] vehicles matching target configuration
RQ-[Link] existing software / hardware compatibility
[Link] vehicle update compatibility confirmation
RQ-[Link] update compatibility check
[Link] update vehicle impact assessment no '089 requirements
[Link] update change assessment no '089 requirements
[Link] update collateral impact RQ-[Link] system/software dependencies
RQ-[Link] notification infrastructure
[Link] update campaign user disclosure
RQ-[Link] user informed prior to update attempt
[Link] update information regulatory disclosure RQ-[Link] information sharing policy X
[Link] software update process documentation RQ-[Link] update rules and processes
RQ-[Link] vehicle configuration management infrastructure X X
[Link] pre/post update system configuration
RQ-[Link] update campaign records management/storage
[Link] auditable per RXSWIN update registry no '089 requirements
RQ-[Link] list of updated components X X X
[Link] campaign target vehicle documentation
SUMS

RQ-[Link] update compatibility check


[Link](a) update purpose documentation RQ-[Link] software update purpose
[Link](b) update affected systems / functions documentation RQ-[Link] list of updated components X X X
[Link](c) update type approval documentation no '089 requirements
[Link](d) update type approval impact documentation no '089 requirements
Records

[Link](e) update type approval parameter impact documentation no '089 requirements


[Link](f) update type approval sought documentation no '089 requirements
RQ-[Link] necessary in-vehicle resources and conditions
RQ-[Link] required update cybersecurity actions X X X
RQ-[Link] required update user actions
[Link](g) update execution mechanism documentation
RQ-[Link] update methodology
RQ-[Link] update conditions/resources needed
RQ-[Link] special equipment/training required
RQ-[Link] update conditions/resources needed
[Link](h) update confirmation documentation
RQ-[Link] update cybersecurity measures required X X X X
RQ-[Link] pre-release V&V X X X X X X
[Link](i) update V&V documentation
RQ-[Link] V&V gate(s) X X
RQ-[Link] deployment package integrity X X X X
[Link] update payload integrity assurance RQ-[Link] update integrity infrastructure X X X X
Security

RQ-[Link] required update cybersecurity actions X X X


RQ-[Link] existing standards compliance 21434 compliance
[Link] secure update processes
RQ-[Link] cybersecurity risk management X X X X X X
[Link] verification of update appropriateness no '089 requirements
[Link] no OTA safety impact RQ-[Link] existing standards compliance 21434 compliance
OTA

RQ-[Link] special equipment/training required


[Link] manual post-update activities
RQ-[Link] user confirmation requirements
RQ-[Link] integrity / authenticity verification process X X X X
[Link] update authenticity / integrity
RQ-[Link] integrity of update contents process X X X X
Software
Update

[Link].1 unique RXSWINs no '089 requirements


[Link].2 easily readable RXSWINs no '089 requirements
[Link].3 RXSWIN protection no '089 requirements
Vehicle Type

[Link].1 reversion to good state on update failure RQ-[Link] in-vehicle update failure safety process X X X X
[Link].2 sufficient power to perform update RQ-[Link] update conditions met process X X X X
[Link].3 safe state to perform update RQ-[Link] vehicle safe throughout update process X X X X
OTA

[Link] user informed prior to update attempt RQ-[Link] related party communication process
[Link] no updates putting vehicle in unsafe state while driving RQ-[Link] vehicle safe throughout update process X X X X
[Link] user informed upon update completion RQ-[Link] related party communication process
[Link] no updates until all precautions met RQ-[Link] update conditions met process X X X X

out of scope
out of scope items for which the AVCDL provides material which may be used as supporting material
no R156 requirement
R156 requirement match
