Abstract
ASPICE has been introduced to the development of embedded systems at automotive suppliers to assess the capability of processes. ASPICE covers processes for software, system, quality assurance, configuration management, problem resolution, change management, project management, and supplier monitoring. It defines a scheme for determining the capability of the process based on the underlying PAM. Regarding the new appendix of A-SPICE, HW SPICE is considered because it is also necessary for Cybersecurity, but not mechanical SPICE so far. Based on A-SPICE PRM, VDA has defined new processes for Cybersecurity Engineering, Cybersecurity Risk Management, and Supplier Request and Selection. This means additional effort for the assessors and the engineering team when the ASPICE assessment is extended by processes of Cybersecurity to satisfy the requirements of standard ISO/SAE 21434. This paper investigates the method of mapping the base practices (BP) of the cyber-security process defined by VDA to BP of some A-SPICE processes to reduce the time of an assessment by merging the Base Practices of Processes from Cybersecurity with the Base Practices of Processes from ASPICE.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Automotive SPICE for Cybersecurity, 1st edn, Feb. 2021. VDA QMC Working Group 13 (Aug 2021)
Automotive SPICE® Process Reference Model: Process assessment model version 3.1. URL: http://www.automotivespice.com/ (1 Nov 2017)
Automotive SPICE © Guidelines, 2nd edn Nov 2017. VDA QMC Working Group 13 (Nov 2017)
Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Softw.: Evol. Process 24(5), 525–540 (2012)
Automotive SPICE pocket guide version 3 by Kuglermaag (Jan 2019)
ISO 21434ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering, 1st edn (Aug 2021)
Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2018. CCIS, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Zinhom, E. (2022). Utilization of Automotive SPICE Assessments with Cybersecurity Extension. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_28
Download citation
DOI: https://doi.org/10.1007/978-3-031-15559-8_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15558-1
Online ISBN: 978-3-031-15559-8
eBook Packages: Computer ScienceComputer Science (R0)