GB/T 40861-2021: General technical requirements for vehicle cybersecurity
Status: Valid

GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 430.020
CCS T 40
General Technical Requirements for Vehicle Cybersecurity
Issued on: OCTOBER 11, 2021
Implemented on: MAY 01, 2022
Issued by: State Administration for Market Regulation; Standardization Administration of PRC.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Protected Objects
5.1 General
5.2 In-vehicle system
5.3 Out-of-vehicle communication
6 Technical Requirements
6.1 Principled requirements
6.2 Systematic defence strategy requirements
6.3 Protection dimension requirements
Appendix A (Informative) Information Security Threats
Bibliography

1 Scope

This Document specifies the protected objects and technical requirements of vehicle cybersecurity. This Document is applicable to M and N categories of vehicles, their electrical and electronic systems and components.

2 Normative References

The provisions in the following documents become provisions of this Document through reference in this Document. For dated documents, only the versions with the dates indicated are applicable to this Document; for undated documents, only the latest version (including all amendments) is applicable to this Document.

GB/T 29246-2017 Information Technology - Security Techniques - Information Security Management Systems - Overview and Vocabulary
GB/T 34590.3-2017 Road Vehicles - Functional Safety - Part 3: Concept Phase

3 Terms and Definitions

For the purposes of this Document, the terms and definitions given in GB/T 29246-2017 and the following apply.

3.1 Vehicle cybersecurity
The state in which the electronic and electrical systems, components and functions of the vehicle are protected, so that its assets are not threatened.

3.2 Authenticity
The characteristic that an entity is what it claims to be.

3.3 Confidentiality
The characteristic that information is unavailable or non-disclosed to unauthorized individuals, entities, or processes.

3.4 Integrity
The characteristic of being accurate and complete.

3.5 Availability
The characteristic of being accessible and usable according to the requirements of authorized entities.

3.6 Access controllability
The characteristic of ensuring that access to the asset is authorized and restricted based on business and security requirements.

4 Abbreviations

The following abbreviations are applicable to this Document.

CAN: Controller Area Network
DoS: Denial of Service
DDoS: Distributed Denial of Service
ECU: Electronic Control Unit
FTP: File Transfer Protocol
HSM: Hardware Secure Module
ICCID: Integrated Circuit Card Identity
IMSI: International Mobile Subscriber Identity
JTAG: Joint Test Action Group
LIN: Local Interconnect Network
OBD: On-Board Diagnostics
TCM: Trusted Cryptography Module
TEE: Trusted Execution Environments
Telnet: Telecommunication Network Protocol
V2X: Vehicle to Everything
Wi-Fi: Wireless Fidelity

5 Protected Objects

5.1 General
According to the category of protected objects, automobiles can be divided into three types of sub-protected objects: in-vehicle systems, out-of-vehicle communications, and out-of-vehicle systems, as shown in Figure 2.

5.2 In-vehicle system
The in-vehicle system is divided into the following sub-protected objects.

5.3 Out-of-vehicle communication
The out-of-vehicle communication is divided into the following sub-protected objects.

6 Technical Requirements

6.1 Principled requirements

6.1.1 Principle of business suitability
The information security design of the product shall be combined with the actual needs of the business or functional environment, while considering the impact on the normal use of the business or function.

6.1.2 Principle of no backdoor for software
The software system shall not have a backdoor.

6.1.3 Principle of function minimization
Unused software components, protocol ports, and ECU hardware debugging interfaces shall be disabled or removed; device pin information should not be exposed.

6.1.4 Principle of minimal authorization
Only necessary permissions shall be granted for product access and information processing activities.

6.1.5 Principle of permissions separation
The information processing activities of important protected objects shall require two or more authorities; each authority shall be separated from the others and granted separately.

6.1.6 Principle of default settings
The product shall ship with its default information security settings completed; these settings shall minimize and simplify the information security demands placed on the user.

6.2 Systematic defence strategy requirements

6.2.1 General
The product can adopt one of the following systemic defence strategies.

6.2.2 Requirements for Defence-in-depth
The Defence-in-depth meets the following requirements.

6.2.3 Requirements for active defence
The active defence shall adopt measures including but not limited to intelligence sharing, intrusion detection technology, dynamic adjustment of information security strategies, and coordination among various information security modules to reduce the risks faced by information systems when they come under network attack.

6.2.4 Requirements for resilience defence
Information security design shall comprehensively consider reliability, functional safety and other aspects of engineering design to improve the survivability and self-healing ability of the system.
6.3 Protection dimension requirements

6.3.1 Protection requirements for the in-vehicle system

6.3.1.1 Protection requirements for software systems

6.3.1.2 Protection requirements for electronic and electrical hardware

6.3.1.3 Protection requirements for in-vehicle data

6.3.1.4 Protection requirements for in-vehicle communication

6.3.1.4.1 Authenticity
In-vehicle communication shall verify the authenticity of the identities of the communicating parties.

6.3.1.4.2 Confidentiality
In-vehicle communication shall be encrypted and protected.

6.3.1.4.3 Integrity
In-vehicle communication shall adopt an integrity protection mechanism.

6.3.1.4.4 Availability
In-vehicle communication shall have the ability to control communication flow.
EXAMPLE: When a malware infection or a denial-of-service attack causes abnormal communication traffic in the vehicle, the in-vehicle communication is still able to provide acceptable communication.

6.3.1.4.5 Access controllability
In-vehicle communication shall meet the following access controllability requirements.

6.3.1.4.6 Accountability
In-vehicle communication shall have the ability to log records.
EXAMPLE: Record phenomena such as traffic overload and abnormal messages received at a high frequency.

6.3.1.4.7 Preventability
In-vehicle communication shall have the ability to perceive abnormal messages; when abnormal messages are perceived, it should have the ability to raise an alert or take other safe responses.

6.3.2 Protection requirements for out-of-vehicle communication

6.3.2.1 Protection requirements for long-distance communication outside the vehicle

6.3.2.1.3 Integrity
The long-distance communication outside the vehicle shall meet the following integrity requirements.

6.3.2.1.4 Availability
The components communicating with the outside shall support resistance to DoS/DDoS attacks.
6.3.2.2 Protection requirements for short-distance communication outside the vehicle

6.3.2.2.1 Authenticity
The identity authentication function shall be turned on for short-distance communication outside the vehicle.

6.3.2.2.2 Confidentiality
The encryption function shall be turned on for short-distance communication outside the vehicle.

6.3.2.2.3 Integrity
The integrity protection function shall be turned on for short-distance communication outside the vehicle.

6.3.2.2.4 Availability
The components communicating with the outside shall support resistance to DoS/DDoS attacks.

6.3.2.2.5 Accountability
The short-distance communication outside the vehicle shall have the ability to record security-related events of the short-distance communication; the content of the record should include the ID of the visiting user and the communication time.

......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
