首页
关于我们
公司简介
专业团队
合作案例
产品详情
最新资讯
公司动态
知识分享
产品中心
ASPICE
ISO26262
ISO21434
敏捷SPICE
资质培训
工具链
培训课程
联系我们
人才招聘
用心服务·专业技术·合作发展 13524704775
NEWS

最新资讯

当前位置:首页 - 最新资讯 - 知识分享

ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读(八)Cybersecurity Assessment-亚远景科技

发表时间:2022-08-22 作者:亚远景科技 返回列表

本文将由亚远景科技为您带来ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读(八)Cybersecurity Assessment。

 

1.ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读(八)Cybersecurity Assessment

[RQ-06-24] A decision whether to perform a cybersecurity assessment for an item or component shall be made supported by a rational applying a risk-based approach是否对物品或组件进行网络安全评估的决定,应以基于风险的方法的原理为依据

[RQ-06-25] The rationale of [RQ-06-24] shall be reviewed independently[RQ-06-24]的原理应被独立评审

[RQ-06-26] The cybersecurity assessment shall judge the cybersecurity of the item or component网络安全评估应判断相关项或组件的网络安全

[RQ-06-27] A person responsible to plan and perform independently a cybersecurity assessment shall be appointed in accordance with [RQ-06-01]应根据[RQ-06-01]的规定指定负责计划和独立执行网络安全评估的人

[RQ-06-28] A person who carries out a cybersecurity assessment shall have:进行网络安全评估的人应具备:

a) access to the relevant information and tools获取相关信息和工具的权限

b) the cooperation of the personnel performing the cybersecurity activities实施网络安全活动的人员之间的合作

[PM-06-29] A cybersecurity assessment may be based on a judgment of whether the objectives of this document are achieved网络安全评估可基于对本文档目标是否达成的判断

[RQ-06-30] The scope of a cybersecurity assessment shall include:网络安全评估的范围应包括:

a) the cybersecurity plan and all work products identified in the cybersecurity plan网络安全计划和定义在网络安全计划中的所有工作产品

b) the treatment of the cybersecurity risks网络安全风险的处理

c) the appropriateness and effectiveness of implemented cybersecurity controls and cybersecurity activities performed for the projects为项目而实施的网络安全控制和实施的网络安全活动的适当性和有效性

d) The rationales, if provided, that desmostrate, the achievement of the objectives of this document如有提供,说明实现本文件目标的理由

[RQ-06-31] A cybersecurity assessment report shall include a recommendation for acceptance, conditional acceptance, or rejection of the cybersecurity of the item or component网络安全评估报告应包括接受、有条件接受或拒绝相关项或组件网络安全的建议

[RQ-06-32] If a recommendation for conditional acceptance in accordance with [RQ-06-31] is made, then the cybersecurity assessment report shall include the conditions for acceptance如根据[RQ-06-31]的规定提出有条件接受建议,则网络安全评估报告应包括接受条件

 

ASPICE MAN.3 BP4

Define, monitor and adjust project activities

定义、监控和调整项目活动。

CS SPICE SEC.2

Cybersecurity Implementation.

网络安全实施

ASPICE SUP.1 BP2

Assure quality of work products

保证工作产品的质量

 

以上就是亚远景科技带来的ISO/SAE21434网络安全PART 6与ASPICE管理域具体条款Mapping解读(八)Cybersecurity Assessment。

 

亚远景科技,专注于ASPICE,ISO26262,ISO21434等相关培训、咨询和评估认证服务。



咨询