21434

ISO/SAE 21434, Road vehicles — Cybersecurity engineering, is an international standard published in 2021 by ISO and SAE International. It provides a risk-based framework for cybersecurity engineering across the lifecycle of road vehicles and related components, including hardware, software, and networked interfaces. The standard is intended for automotive manufacturers, suppliers, and developers and covers both passenger cars and commercial vehicles.

The central goal of 21434 is to reduce cybersecurity risks by integrating security into all stages of product development and operations. It promotes a lifecycle approach that extends from concept and development through production, operation, and decommissioning. Key concepts include risk management, threat modeling, secure engineering practices, governance, and ongoing monitoring and updates. The standard also addresses supply chain security and requires coordination with suppliers and clear documentation to demonstrate traceability and accountability. It emphasizes the need for security controls to be considered alongside safety requirements, aligning with broader safety engineering practices such as ISO 26262.

Implementation guidance under 21434 typically involves establishing a cybersecurity management process, conducting risk assessments and threat analyses, defining security requirements, implementing protective measures, and managing software updates and incident response. The standard has influenced regulatory and industry practices, especially in relation to regulatory frameworks like UNECE WP.29, and it is widely used as a basis for cybersecurity engineering in automotive development and procurement.