Strategy to Adopt ISO/SAE 21434 Cyber Security Assurance Level in the Organization
2022-01-0121
03/29/2022
- Content
- The recent standard, ISO/SAE 21434, was introduced to address the cybersecurity requirements for the development of electrical and electronic components in road vehicles. The standard introduces a new classification scheme, the cybersecurity assurance level (CAL), that helps in validating the process rigor needed to mitigate different threat scenarios. CAL values range from 1 (least stringent process rigor) to 4 (most stringent process rigor). CAL provides assurance that the assets of an item or component are adequately protected against the relevant threat scenarios by defining the scope of various processes at different phases of the Secure Development Life Cycle (SDLC). CAL values can be determined at the earlier stages of the SDLC (the cybersecurity concept phase) from knowledge of the attack vectors and attack severity specific to a system. The CAL value can then be used as a reference to define the scope of rigor in the design, development, and verification phases of the SDLC. This paper aims to define a process to determine CAL based on the existing concepts of the ISO/SAE 21434 guidelines. The study adopts an RVC (Rear-View Camera) system and performs threat modeling on it to describe the details of the proposed process, helping cybersecurity experts and organizations implement a structured CAL process in their existing cybersecurity management system.
- Pages
- 9
- Citation
- Agrawal, V., and Achuthan, B., "Strategy to Adopt ISO/SAE 21434 Cyber Security Assurance Level in the Organization," SAE Technical Paper 2022-01-0121, 2022, https://doi.org/10.4271/2022-01-0121.