Ensuring Uptane explicitly references relevant standards #88
Comments
|
@iramcdonald--please edit/revise as needed. |
|
@iramcdonald will we likely need to incorporate any of these references in V. 2.0.0? If so, where do we start? |
|
We should probably do a walk through the Standard to see where specific references to these regulations/standards are specifically warranted. We should also review and update https://github.com/uptane/deployment-considerations/blob/master/regulations_and_standards.md as well. |
|
If the work indicated in the comment above is addressed, I think we we can flag this for 2.1.0. |
|
Agreed that we should scan through the Standard (and Deployment Best Practices?) to see where we should be specific (for either ISO/SAE 21434:2021 or ISO 24089:2023) and flag this work for 2.1.0. |
|
@iramcdonald ...short of having to read through both ISO standards (even if I could access full text without paying an arm and a leg)...is there some type of short hand criteria that could help one evaluate which parts of the texts are relevant to Uptane? I would take on the review myself, but I don't have enough knowledge if the contents of the standards to know what to look for? |
As new standards and regulations emerge, we need to be sure that Uptane references these text, and complies with what they stipulate. Therefore, we need to add text that references SAE J3101 (H/W Protected Security Environments, aka HSMs), ISO/SAE 21434 Road Vehicle Cybersecurity, ISO 24089 Vehicle S/W Update, and others. As @iramcdonald points out, these will be the core specs for security audits for UNECE WP29 regulations by 2022.
The text was updated successfully, but these errors were encountered: