Acquisition and integration of supplier components
You’ve started planning project and cybersecurity activities and, in the process, identified several components that you must source for your project. You have two choices: use an off-the-shelf component that was developed for a wide range of use cases without consideration of your exact product, or work with a third party to develop a component, or adapt an existing one, to fit your product needs. In both cases, you want to demonstrate that your integrated product is still compliant with ISO/SAE 21434, regardless of the security maturity level of such components. By integrating a new component, you are exposed to the cybersecurity risks inherited from that component. To address those risks, you have to achieve the following objectives:
- Identify ISO/SAE 21434 compliance gaps in the component
- Assess whether the component is capable of fulfilling your allocated cybersecurity requirements...