本文将由亚远景科技为您带来ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读（二）Cybersecurity Planning。

1.ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读（二）Cybersecurity Planning

ISO/SAE21434 6.4.2 Cybersecurity Planning

[RQ-06-02] In order to decide cybersecurity activities needed for item or component, the item or component shall be analysed为了确定相关项或组件所需的网络安全活动，应对相关项或组件进行分析

[RQ-06-03] The cybersecurity plan shall include: Objective of an activity，Dependences on other activities or information，Personnel responsible for performing an activity，Required resources for performing an activity，Starting point or end point, and the expected duration of an activity, Identification of the work products to be produced网络安全计划应该包括：活动目标，对其他活动或信息的依赖，负责执行活动的人员，执行活动所必须的资源，开始点或结束点，以及活动的预期持续时间，产出的工作产品的识别

[RQ-06-04] The responsibilities for developing and maintaining the cybersecurity plan, and for tracking the progress of the cybersecurity activities against the cybersecurity plan shall be assigned in accordance with [RQ-05-03] and [RQ-05-04]应根据[RQ-05-03]和[RQ-05-04]分配制定和维护网络安全计划的职责，以及根据网络安全计划跟踪网络安全活动进度的职责

[RQ-06-05] The cybersecurity plan shall either be: referenced in the project plan for the development, or included in the project plan, such that the cybersecurity activities are distinguishable网络安全计划应为：在项目开发计划中被引用，或者包括在项目计划中，这样网络安全活动是可区分的

[RQ-06-06]The cybersecurity plan shall specify the activities that are required for cybersecurity during the concept and product development phase in accordance with the relevant requirements of Clause 9, 10, 11 and 15 网络安全计划应根据第9章、第10章、第11章和第15章的相关要求，规定概念和产品开发阶段网络安全所需的活动

[RQ-06-07] The cybersecurity plan shall be updated when a change or a refinement of the activities to be performed is identified.当确定要执行的活动发生变更或改进时，应更新网络安全计划

[PM-06-08] For threat scenarios of risk value 1 that are determined from an analysis in accordance with 15.8, conformity with 9.5, Clause 10 and clause 11 may be omitted.对于根据第15.8章要求进行分析确定风险值为1的威胁情景，可省略第9.5章、第10章和第11章的规定要求

[RQ-06-09] The work products identified in the cybersecurity plan shall be updated and maintained for accuracy until and at the release for post-development.网络安全计划中定义的工作产品应进行更新和维护，一直到开发后期发布，以确保其准确性

[RQ-06-10] If cybersecurity activities are distributed, customer and supplier shall each define a cybersecurity plan regarding their repective cybersecurity activities and interface in accordance with Clause 7如果网络安全活动是分布的，客户和供应商应各自根据第7章的要求，就其各自的网络安全活动和接口制定网络安全计划

[RQ-06-11] The cybersecurity plan shall be subject to configuration management and documentation management, in accordance with 5.4.4网络安全计划应按照5.4.4章要求，进行配置管理和文档管理

[RQ-06-12] The work products identified in the cybersecurity plan shall be subject to configuration management, change management, requirements management, and documentation management, in accordance with 5.4.4网络安全计划中定义的工作产品应按照5.4.4章要求进行配置管理、变更管理、需求管理和文档管理

ASPICE MAN.3 Project Management

BP1 Define the scope of work

定义工作范围

Identify the project‘s goals, motivation and boundaries.

识别项目的目标、动机和边界

BP3 Evaluate feasibility of the project

评估项目可行性

Evaluate the feasibility of achieving the goals of the project in terms of technical feasibility within constraints with respect to time, project estimates, and available resources

在时间、项目估算和可用资源的约束条件下，从技术可行性方面，来评估实现项目目标的可行性

BP4 Define, monitor and adjust project activities

定义、监控和调整项目活动

Define, monitor and adjust project activities and their dependencies according to defined project life cycle and estimations. Adjust activities and their dependencies as required

根据已定义的项目生命周期和估算，定义、监控并调整项目活动和项目活动之间的依赖关系。按需调整活动和活动之间的依赖关系

BP7 Identify, monitor and adjust project interfaces and agreed commitments

识别，监控并调整项目接口和约定

Identify and agree interfaces of the project with other (sub-) projects, organizational units and other affected stakeholders and monitor agreed commitments

识别项目与其他项目（子项目）、组织单元及其他受影响的利益相关方的接口，对识别的接口达成一致，并监控约定的承诺

BP8 Define, monitor and adjust project schedule

定义，监控并调整项目时间进度表

Allocate resources to activities, and schedule each activity of the whole project. The schedule has to be kept continuously updated during lifetime of the project

分配资源给活动，并安排整个项目各活动的进度计划。在项目的整个生命周期内，须持续更新进度表

以上就是亚远景科技带来的ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读（二）Cybersecurity Planning。

亚远景科技，专注于ASPICE,ISO26262,ISO21434等相关培训、咨询和评估认证服务。