« EU: IPアドレスも個人情報とする新判断・承諾なしでのアクセスログの保管は違法に | Main | NIST SP800-181 NICE Cybersecurity Workforce Framework (NCWF) »

2016.10.26

U.S. DOT issues Federal guidance to the automotive industry for improving motor vehicle cybersecurity

 こんにちは、丸山満彦です。米国国家道路交通安全局(NHTSA - National Highway Traffic Safety Administration)が自動車のサイバーセキュリティのガイドをだしていますね・・・パブコメ募集中です・・・

 
■NHTSA - National Highway Traffic Safety Administration
・2016.10.24 U.S. DOT issues Federal guidance to the automotive industry for improving motor vehicle cybersecurity
  ・・Cybersecurity Best Practices for Modern Vehicles


1 Purpose of This Document
2 Scope
3 Background
4 Definitions

5 General Cybersecurity Guidance
 5.1 Layered Approach
 5.2 Information Technology Security Controls

6 Automotive Industry Cybersecurity Guidance
 6.1 Vehicle Development Process With Explicit Cybersecurity Considerations
 6.2 Leadership Priority on Product Cybersecurity
 6.3 Information Sharing
 6.4 Vulnerability Reporting/Disclosure Policy
 6.5 Vulnerability / Exploit / Incident Response Process

 6.6 Self-Auditing
  6.6.1 Risk Assessment
  6.6.2 Penetration Testing and Documentation
  6.6.3 Self-Review

 6.7 Fundamental Vehicle Cybersecurity Protections
  6.7.1 Limit Developer/Debugging Access in Production Devices
  6.7.2 Control Keys
  6.7.3 Control Vehicle Maintenance Diagnostic Access
  6.7.4 Control Access to Firmware
  6.7.5 Limit Ability to Modify Firmware
  6.7.6 Control Proliferation of Network Ports, Protocols and Services
  6.7.7 Use Segmentation and Isolation Techniques in Vehicle Architecture Design
  6.7.8 Control Internal Vehicle Communications
  6.7.9 Log Events
  6.7.10 Control Communication to Back-End Servers
  6.7.11 Control Wireless Interfaces

7 Education
8 Aftermarket Devices
9 Serviceability


|

« EU: IPアドレスも個人情報とする新判断・承諾なしでのアクセスログの保管は違法に | Main | NIST SP800-181 NICE Cybersecurity Workforce Framework (NCWF) »

Comments

Post a comment



(Not displayed with comment.)


Comments are moderated, and will not appear on this weblog until the author has approved them.



TrackBack


Listed below are links to weblogs that reference U.S. DOT issues Federal guidance to the automotive industry for improving motor vehicle cybersecurity:

« EU: IPアドレスも個人情報とする新判断・承諾なしでのアクセスログの保管は違法に | Main | NIST SP800-181 NICE Cybersecurity Workforce Framework (NCWF) »