GB/T 38628-2020 English PDF (GBT38628-2020)
GB/T 38628-2020: Information security technology -- Cybersecurity guide for automotive electronics systems
GB/T 38628-2020
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Cybersecurity guide
for automotive electronics system
ISSUED ON: APRIL 28, 2020
IMPLEMENTED ON: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cybersecurity activity framework of automotive electronic system
5.1 Overview
5.2 Organization management
5.3 Cybersecurity activities
5.4 Support guarantee
6 Cybersecurity organization management of automotive electronics systems
6.1 Set organizational structure
6.2 Establish a communication and coordination platform
6.3 System construction and employee training
6.4 Test and evaluation
6.5 Stage inspection
7 Cybersecurity activities of automotive electronics systems
7.1 Conceptual design stage
7.2 System-level product development stage
7.3 Hardware-level product development stage
7.4 Software-level product development stage
7.5 Product production, operation and service stage
8 Cybersecurity support for automotive electronic systems
8.1 Configuration management
8.2 Demand management
8.3 Change management
8.4 Document management
8.5 Supply chain management
8.6 Cloud management
Appendix A (Informative) Typical cybersecurity risks of automotive electronic systems
Appendix B (Informative) Examples of cybersecurity protection measures for automotive electronic systems
Appendix C (Informative) Example of incident handling checklist
References
Information security technology - Cybersecurity guide
for automotive electronics system
1 Scope
This standard gives a framework for cybersecurity activities in automotive
electronics systems, as well as recommendations for cybersecurity activities,
organizational management, and support assurance for automotive electronics
systems under this framework.
This standard is applicable for guiding OEMs, parts suppliers, software suppliers,
chip suppliers, various service providers, and other organizations in the
automotive electronics supply chain in carrying out cybersecurity activities, and
for guiding relevant personnel in meeting the basic cybersecurity needs during
the design, development, production, operation, and service of automotive
electronics systems.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GB/T 18336-2015 (all parts) Information technology - Security techniques -
Evaluation criteria for IT security
GB/T 20984-2007 Information security technology - Risk evaluation
specification for information security
GB/T 29246-2017 Information technology - Security techniques -
Information security management systems - Overview and vocabulary
GB/T 30279-2013 Information security technology - Vulnerability
classification guide
GB/T 31167-2014 Information security technology - Security guide of
cloud computing services
GB/T 31168-2014 Information security technology - Security capability
requirements of cloud computing services
inspection, and other activities.
5.3.2 Product development stage
The product development stage includes the development stage of system-level
product, the development stage of hardware-level product, and the
development stage of software-level product. Figure 2 shows the basic process
of the product development stage as well as the relationship between product
development at the system level, hardware level, and software level. Figure 2
does not include the iterative process, but in fact many stages require repeated
iterations in order to finally achieve the development goals.
The development stage of system-level product mainly includes initiation of
development of system-level product, cybersecurity technical specifications
(including system-level vulnerability analysis, cybersecurity strategy
specification, determination of cybersecurity technical requirements, etc.),
system design, system function integration, cybersecurity testing, cybersecurity
verification, cybersecurity evaluation and inspection, product release, etc.
The development stage of hardware-level product mainly includes initiation of
development of hardware product, hardware cybersecurity specifications
(including hardware-level vulnerability analysis, determination of cybersecurity
requirements), hardware design, hardware integration and cybersecurity
testing, verification of hardware cybersecurity requirements, detailing
cybersecurity evaluation, and so on.
The development stage of software-level product mainly includes initiation of
development of software product, software cybersecurity specifications
(including software-level vulnerability analysis, determination of cybersecurity
requirements), software architecture design, software unit design and
implementation, software unit testing, software integration, cybersecurity
testing, verification of software cybersecurity needs, detailing cybersecurity
evaluation and so on.
When cryptographic technology is needed in the product development stage, it
is necessary to comply with relevant national cryptographic management
provisions.
management end security and so on.
6 Cybersecurity organization management of
automotive electronics systems
6.1 Set organizational structure
Organizations need to attach great importance to cybersecurity and consider
cybersecurity at the strategic level of the organization, reflecting this
specifically in the following aspects:
a) Formulate and implement the organization's cybersecurity strategy, policy,
and objectives;
b) Implement a leadership responsibility system for cybersecurity; the
organization may establish a cybersecurity leadership group, for which the
organization's senior leaders are responsible, to supervise the
formulation and implementation of cybersecurity strategies, policies, and
objectives, while coordinating the cooperation between various
departments;
c) Set up a special institute to be responsible for cultural construction,
information communication, training, cross-departmental resource
allocation, and other work related to cybersecurity;
d) Ensure that employees clearly know the organizational settings and division
of responsibilities related to cybersecurity within the organization.
6.2 Establish a communication and coordination platform
The organization should establish internal and external information
communication and coordination channels for cybersecurity, including but not
limited to the following:
a) Develop a process for individuals or organizations inside or outside the
organization to report on cybersecurity incidents; clarify the interface
between relevant departments within the organization and the
responsibilities that shall be assumed;
b) Develop a process for notifying relevant parties about cybersecurity
incidents; carry o...