The UNECE regulation R155 requires, among others, that the vehicle manufacturer identify and manage cybersecurity risks in the supply chain. Automotive SPICE is a process assessment model, when used with an appropriate assessment method, which helps to identify process-related product risks. To incorporate cybersecurity-related processes into the proven scope of Automotive SPICE, additional processes have been defined in a Process Reference and Assessment Model for Cybersecurity Engineering (Cybersecurity PAM).
Part I of this document supplements the Automotive SPICE PAM 3.1 enabling the evaluation of cybersecurity-relevant development processes. A prerequisite for performing an assessment using the Automotive SPICE for Cybersecurity PAM is the existence of an ASPICE assessment result for the VDA scope with a comparable assessment scope. Otherwise, an assessment using both the Automotive SPICE for Cybersecurity PAM and ASPICE PAM for the VDA scope processes has to be performed.
The Automotive SPICE® for cybersecurity Process Assessment Model may be obtained free of charge via download from the www.automotivespice.com website.
Part II of this document complements the existing Automotive SPICE Guideline (1st edition). It contains interpretation and rating guidelines for the processes defined in Part I. Chapters 1 and 2 of the Automotive SPICE Guideline (1st edition) also apply to Part II and therefore are not repeated here.
Annex B contains a subset of Work Product Characteristics that are relevant for the processes of Automotive SPICE for Cybersecurity.
Annex C contains a subset of terms that are relevant for the processes of Automotive SPICE for cybersecurity.