The Milestones for Compliance with the ISO/SAE 21434 Standard

Karamba Security | March 27, 2023

Which of these milestones has your organization reached so far?

The ISO/SAE 21434 standard covers every stage of a vehicle's cybersecurity lifecycle, from design through decommissioning, and the implementation of security safeguards throughout the supply chain. Although ISO/SAE 21434 is a relatively new standard, it already defines clear milestones that pave the way to full compliance.

We can divide the standard into four major requirements:

  • Risk assessment and management – organizations must identify, assess, and manage cybersecurity risks, and create a plan for responding to cyber incidents
  • Security controls – organizations must implement mitigations for the identified risks, such as authentication and integrity protection
  • Information sharing – manufacturers must share cybersecurity information with suppliers, customers, and other stakeholders
  • Mitigation strategies – organizations must minimize the impact of incidents on automotive systems

These requirements map onto the standard's 15-section structure and its annexes. The milestones, listed by section, are as follows.

  • Sections 1-4: General topics: scope, normative references, terms and abbreviations, and general considerations including the automotive cybersecurity ecosystem.
  • Section 5: Organizational cybersecurity management: cybersecurity governance, cybersecurity culture, policies, and strategies.
  • Section 6: Project-dependent cybersecurity management: planning and tailoring the cybersecurity activities for a specific project, and building the cybersecurity case.
  • Section 7: Distributed cybersecurity activities: allocating responsibilities across the supply chain, including sub-suppliers, through Cybersecurity Interface Agreements for development.
  • Section 8: Continual cybersecurity activities: monitoring, evaluating events, analyzing vulnerabilities, and managing vulnerabilities throughout the vehicle lifecycle.
  • Section 9: The concept phase: defining the item, determining its cybersecurity risks, defining cybersecurity goals, and developing the cybersecurity concept.
  • Sections 10-11: Product development and cybersecurity validation: design, integration, verification, and validation of cybersecurity controls for all items, at the ECU (component) level and at the vehicle level.
  • Sections 12-14: Post-development processes: production (manufacturing and assembly), operation and maintenance including incident response and updates, and cybersecurity considerations for end of cybersecurity support and decommissioning of an item or component.
  • Section 15: Modular methods for threat analysis and risk assessment (TARA): asset identification, threat scenario identification, impact rating, attack path analysis, attack feasibility rating, risk value determination, and risk treatment decision. Its results serve as input to the concept phase (Section 9).
