What is ISO 21434 and how to comply with ISO 21434.
September 9, 2019

What is ISO/SAE 21434? Compliance Tips for Automotive Software Developers

Security & Compliance
Static Analysis

ISO/SAE 21434 is an automotive cybersecurity standard currently under development. It’s titled “Road vehicles — cybersecurity engineering”.

Complying with this standard will be critical for automotive product development. OEMs, their suppliers, and developers of automotive components will all need to comply.

Here, we provide an overview of what is expected in ISO/SAE 21434, and tips for automotive software development teams.

ISO/SAE 21434 Overview

ISO/SAE 21434 will cover all stages of a vehicle's lifecycle — from design through to decommissioning. It will apply to a vehicle’s electronic systems, components and software, plus any external connectivity. What's more, ISO/SAE 21434 will provide developers with a comprehensive approach to implementing security safeguards that spans the entire supplier chain.

Why ISO/SAE 21434 Is Important

The intent behind ISO/SAE 21434 is to provide a structured process to ensure that cybersecurity is incorporated into automotive design at the beginning of the project. In addition, the standard will enable automakers and suppliers to demonstrate due diligence in implementing  cybersecurity engineering.

ISO/SAE 21434 Compliance

It will be easier to comply with ISO/SAE 21434 when you have the right development tools. And, it will be even easier when those tools have already been certified by an independent organization. Helix QAC, for instance, is already certified by SGS-TÜV Saar for use in the development of safety-critical systems. It can be supplied with a tool certification kit, which makes the path to compliance much simpler.

A static analysis tool will help you to meet development guidelines for the production of safe, secure, and reliable software. In addition, Helix QAC’s security-focused CERT compliance module helps you to verify that your software is free from common code security vulnerabilities.

Using a static code analyzer — like Helix QAC — helps you accelerate compliance by:

  • Enforcing coding standards and detecting rule violations.
  • Detecting compliance issues earlier in development.
  • Accelerating code reviews and manual testing efforts.
  • Reporting on compliance over time and across product versions.

See how Helix QAC will help you accelerate compliance. Request a trial to learn more.