
GB/T 38628-2020: Information security technology - Cybersecurity guide for automotive electronics system
Status: Valid



---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT38628-2020
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Cybersecurity guide for automotive electronics system
Issued on: APRIL 28, 2020
Implemented on: NOVEMBER 01, 2020
Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cybersecurity activity framework of automotive electronic system
6 Cybersecurity organization management of automotive electronics systems
7 Cybersecurity activities of automotive electronics systems
8 Cybersecurity support for automotive electronic systems
Appendix A (Informative) Typical cybersecurity risks of automotive electronic systems
Appendix B (Informative) Examples of cybersecurity protection measures for automotive electronic systems
Appendix C (Informative) Example of incident handling checklist
References

1 Scope

This standard gives a framework for cybersecurity activities in automotive electronics systems, as well as recommendations for cybersecurity activities, organizational management, and support assurance for automotive electronics systems under this framework. This standard is applicable to guiding OEMs, parts suppliers, software suppliers, chip suppliers, various service providers, and other organizations in the automotive electronics supply chain in carrying out cybersecurity activities, and to guiding relevant personnel in meeting the basic cybersecurity needs during design, development, production, operation, and service when working on automotive electronics systems.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.

GB/T 18336-2015 (all parts) Information technology - Security techniques - Evaluation criteria for IT security
GB/T 20984-2007 Information security technology - Risk evaluation specification for information security
GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary
GB/T 30279-2013 Information security technology - Vulnerability classification guide
GB/T 31167-2014 Information security technology - Security guide of cloud computing services
GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services
GB/T 31509-2015 Information security technology - Guide of implementation for information security risk evaluation
GB/T 31722-2015 Information technology - Security techniques - Information security risk management

3 Terms and definitions

The terms and definitions defined in GB/T 29246-2017 as well as the following apply to this document.

3.1 Automotive electronics systems
The system that realizes control or service in the automobile through electronic technology. It is a type of embedded system applied in the automotive field, and includes the vehicle control electronics system and the onboard service electronics system.

3.2 Pending question
During security evaluations, cybersecurity threats that existing cybersecurity control measures cannot reduce, or cannot be determined to reduce, as well as problems that need further analysis and handling in subsequent processes.

3.3 System context
A collection which defines the system hardware and software interfaces, key data streams, storage and information processing, etc.

3.4 Attack tree analysis
The method of analyzing the possible attack paths of an attacker from the perspective of the system application layer.

3.5 Cyber-physical system
A system composed of computing components and physical control components.

3.6 Cyber-physical vehicle system
A vehicle embedded control system in which the computing components, the physical components, and the surrounding environment of the system are tightly coupled.

4 Abbreviations

The following abbreviations apply to this document.

CAN: Control Area Network
ECU: Electronic Control Unit
FOTA: Firmware Over The Air
IVI: In-Vehicle Infotainment
JTAG: Joint Test Access Group
MISRA: Automotive Industry Software Reliability Association

5 Cybersecurity activity framework of automotive electronic system

5.1 Overview
The cybersecurity activity framework of automotive electronic systems is shown in Figure 1. It includes the cybersecurity activities, organizational management, and support guarantees of the automotive electronic system. Cybersecurity activities are the core of the framework and mainly refer to the security activities carried out at the various stages of the automotive electronic system's life cycle. These stages include the conceptual design stage, system-level product development stage, hardware-level product development stage, software-level product development stage, and product production, operation and service stage.

5.2 Organization management
Organization management refers to the organization, personnel capabilities, and systems required to carry out cybersecurity activities in automotive electronic systems.

5.3 Cybersecurity activities

5.3.1 Conceptual design stage
The conceptual design stage mainly includes activities such as system function definition, cybersecurity process startup, threat analysis and risk evaluation, determination of cybersecurity goal, cybersecurity strategy design, identification of cybersecurity demand, initial cybersecurity evaluation, stage

[Figure text: Setup of organization structure; Establishment of communication & coordination platform; Cybersecurity system and personal training; Test and evaluation; Stage inspection]

5.3.2 Product development stage
The product development stage includes the development stage of system-level product, the development stage of hardware-level product, and the development stage of software-level product. Figure 2 shows the basic process of the product development stage as well as the relationship between product development at the system level, hardware level, and software level.

5.3.3 Product production, operation and service stage
The product production, operation and service stages mainly include field monitoring, incident response, and follow-up tracking management of related incidents.

5.4 Support guarantee
The support guarantee of cybersecurity for automotive electronic systems mainly includes configuration management, demand management, change management, document management, supply chain management, cloud

6 Cybersecurity organization management of automotive electronics systems

6.1 Set organizational structure
Organizations need to attach great importance to cybersecurity, consider cybersecurity at the strategic level of the organization, and reflect this specifically in the following aspects.

6.2 Establish a communication and coordination platform
The organization should establish internal and external information communication and coordination channels for cybersecurity, including but not limited to the following.

6.3 System construction and employee training
The organization should treat the cybersecurity system as an important part of organization construction, and should create, cultivate and maintain the organization's cybersecurity culture in order to enhance employees' cybersecurity awareness. This work can be carried out from the following aspects.

6.4 Test and evaluation

6.4.1 Cybersecurity evaluation team
Cybersecurity testing and evaluation should be completed by an experienced and impartial evaluation team; the specific conditions may include.

6.4.2 Cybersecurity test content
Vulnerability testing, penetration testing and fuzz testing are important methods for evaluating an object's cybersecurity capabilities. Among them, vulnerability testing is a more common method, which can include but is not limited to the following specific methods.

6.4.3 Cybersecurity evaluation
The cybersecurity evaluation is used to verify whether the currently implemented cybersecurity strategy meets cybersecurity requirements and whether it can effectively reduce threats and risks. It may include but is not limited to the following.

6.5 Stage inspection
Before the end of each stage of the life cycle, a stage inspection should be conducted to ensure that the activities of the current stage have been completed correctly and consistently before the start of the next stage. The stage inspection can be carried out by an organized group of technical experts, which should be independent of the product development team.

7 Cybersecurity activities of automotive electronics systems

7.1 Conceptual design stage

7.1.1 Overview
The activity flow in the conceptual design stage is shown in Figure 4. It includes definition of system function, initiation of cybersecurity process, risk evaluation and target determination, design of cybersecurity strategy, identification of cybersecurity demand, initial cybersecurity evaluation, and inspection at conceptual design stage.

7.1.2 Definition of system function
The organization should clarify the application scope of the subsystems and functions developed in the automotive electronic system that can implement cybersecurity, and analyze them as follows.

7.1.3 Initiation of cybersecurity process
When initiating the cybersecurity life cycle process of an automotive electronic system, the organization should formulate a corresponding cybersecurity plan, including but not limited to the following.

7.1.6 Design of cybersecurity policy
The organization should determine the policies needed to meet cybersecurity goals, including but not limited to.

7.1.7 Identification of cybersecurity needs
The organization should extract and identify cybersecurity needs from the determined cybersecurity objectives, or define specific cybersecurity needs by refining cybersecurity policies.

7.1.8 Initial cybersecurity evaluation
The organization should carry out an initial cybersecurity evaluation, which is mainly used to describe the requirements of system functions for cybersecurity at the current stage. The content of the resulting initial evaluation report may include but is not limited to.

7.1.9 Inspection at conceptual design stage
The organization should conduct a stage inspection when the activities in the conceptual design stage are completed, to ensure that all activities in the conceptual stage have been completed and have produced an appropriate output. The main content is to check the following.

7.2 System-level product development stage

7.2.1 Overview of process steps

7.2.2 Initiation of system-level product development
The organization should initiate cybersecurity activities for system-level product development, which may include.

7.2.5 Identification of cybersecurity technology needs
The organization should further determine the cybersecurity technology needs based on the actual situation, which may include the following steps.

7.2.6 System design
When carrying out the system design, the organization should follow the established process, tool use and specific process requirements, to design a system that can meet its functional requirements and cybersecurity requirements.

7.2.7 System integration and testing
In the integration and testing of system functions, organizations can confirm the following through testing.

7.2.8 Cybersecurity verification
In order to ensure that the applied security technology can meet the cybersecurity technology requirements of the system, the organization should verify its effectiveness through an independent cybersecurity evaluation team. The available verification methods include.

7.3 Hardware-level product development stage

7.4 Software-level product development stage

7.4.1 Overview

7.4.2 Initiation of software-level product development
The organization should initiate cybersecurity activities for software-level product development, which may include but are not limited to.

8 Cybersecurity support for automotive electronic systems

8.1 Configuration management
Configuration management may include.

8.2 Demand management
The goal of demand management is to ensure that demands conform to system characteristics and attributes and are correctly defined, and to ensure consistency of requirements at all stages of the life cycle. The specific content of requirements management may include.

8.3 Change management
The goal of change management is to analyze and control the changes of the system or product during the life cycle; to systematically carry out activities such as the planning, control and monitoring, and implementation of change; and to form a document that implements the decision-making and responsibility allocation of change. The specific content of change management may include.

8.4 Document management
The goal of document management is to formulate a document management strategy for the entire life cycle of the system and to implement an effective and repeatable document management process. The organization needs to formulate a document preparation plan, to ensure that each document is available before the corresponding stage of activities. The following types of documents can be incorporated into document management policy.

8.5 Supply chain management

8.6 Cloud management

8.6.1 Cloud service security
Cloud service providers that provide back-end services for automotive electronic systems with networking capabilities should deploy and improve corresponding security measures and establish and improve the security guarantee capabilities of cloud services in accordance with GB/T 31167-2014 and GB/T 31168-2014. Related security measures include but are not limited to. ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
