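In this article, Yayuanjing Technology (亚远景科技) presents part eight of its clause-by-clause mapping between ISO/SAE 21434 cybersecurity Part 6 and the ASPICE management process group: Cybersecurity Assessment.
1. ISO/SAE 21434 Cybersecurity Part 6 and ASPICE Management Process Group, Clause-by-Clause Mapping (8): Cybersecurity Assessment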
[RQ-06-24] A decision whether to perform a cybersecurity assessment for an item or component shall be made supported by a rationale applying a risk-based approach
[RQ-06-25] The rationale of [RQ-06-24] shall be reviewed independently
[RQ-06-26] The cybersecurity assessment shall judge the cybersecurity of the item or component
[RQ-06-27] A person responsible to plan and perform independently a cybersecurity assessment shall be appointed in accordance with [RQ-06-01]
[RQ-06-28] A person who carries out a cybersecurity assessment shall have:
a) access to the relevant information and tools
b) the cooperation of the personnel performing the cybersecurity activities
[PM-06-29] A cybersecurity assessment may be based on a judgment of whether the objectives of this document are achieved
[RQ-06-30] The scope of a cybersecurity assessment shall include:
a) the cybersecurity plan and all work products identified in the cybersecurity plan
b) the treatment of the cybersecurity risks
c) the appropriateness and effectiveness of implemented cybersecurity controls and cybersecurity activities performed for the projects
d) the rationales, if provided, that demonstrate the achievement of the objectives of this document
[RQ-06-31] A cybersecurity assessment report shall include a recommendation for acceptance, conditional acceptance, or rejection of the cybersecurity of the item or component
[RQ-06-32] If a recommendation for conditional acceptance in accordance with [RQ-06-31] is made, then the cybersecurity assessment report shall include the conditions for acceptance
ASPICE MAN.3 BP4
Define, monitor and adjust project activities.
CS SPICE SEC.2
Cybersecurity Implementation.
ASPICE SUP.1 BP2
Assure quality of work products.
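That concludes Yayuanjing Technology's part eight of the clause-by-clause mapping between ISO/SAE 21434 cybersecurity Part 6 and the ASPICE management process group: Cybersecurity Assessment.
Yayuanjing Technology specializes in training, consulting, and assessment and certification services for ASPICE, ISO 26262, ISO 21434 and related standards.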