Terms & Abbreviated terms

Question 1

CAL

Answer 1

Cybersecurity assurance level

Question 2

CVSS

Answer 2

Common vulnerability scoring system

Question 3

E/E

Answer 3

Electrical and electronic

Question 4

ECU

Answer 4

Electronic control unit

Question 5

OBD

Answer 5

On-board diagnostic

Question 6

OEM

Answer 6

Original equipment manufacturer

Question 7

PM

Answer 7

Permission

Question 8

RC

Answer 8

Recommendation

Question 9

RQ

Answer 9

Requirement

Question 10

RASIC

Answer 10

Responsible, accountable, supporting, informed, consulted

Question 11

TARA

Answer 11

Threat analysis and risk assessment

Question 12

WP

Answer 12

Work product

Question 13

3.1.1 architectural design

Answer 13

representation that allows for identification of components (3.1.7), their boundaries,
interfaces and interactions

Question 14

3.1.2 asset

Answer 14

object that has value, or contributes to value Note 1 to entry: An asset has one or more cybersecurity properties (3.1.20) whose compromise can lead to one or more damage scenarios (3.1.22).

Question 15

3.1.3 attack feasibility

Answer 15

attribute of an attack path (3.1.4) describing the ease of successfully carrying out the corresponding set of actions

Question 16

3.1.4 attack path

Answer 16

attack set of deliberate actions to realize a threat scenario (3.1.33)

Question 17

3.1.5 attacker

Answer 17

person, group, or organization that carries out an attack path (3.1.4)

Question 18

3.1.6 audit

Answer 18

examination of a process to determine the extent to which the process objectives are achieved [SOURCE: ISO 26262-1:2018 [1], 3.5, modified — The phrase “with regard to” was substituted by “to determine the extent to which” and “are achieved” was added.]

Question 19

3.1.7 component

Answer 19

part that is logically and technically separable

Question 20

3.1.8 customer

Answer 20

person or organization that receives a service or product
[SOURCE: ISO 9000:2015 [2], 3.2.4, modified — The phrase “could or does receive” was replaced by “receives”, the phrase “that is intended for or required by this person or organization” was omitted, and the example and note 1 to entry were omitted.]

Question 21

3.1.9 cybersecurity road vehicle cybersecurity

Answer 21

condition in which assets (3.1.2) are sufficiently protected against threat scenarios (3.1.33) to items (3.1.25) of road vehicles, their functions and their electrical or electronic components (3.1.7) Note 1 to entry: In this document, for the sake of brevity, the term cybersecurity is used instead of road vehicle cybersecurity.

Question 22

3.1.10 cybersecurity assessment

Answer 22

judgement of cybersecurity (3.1.9)

Question 23

3.1.11 cybersecurity case

Answer 23

structured argument supported by evidence to state that risks (3.1.29) are not unreasonable

Question 24

3.1.12 cybersecurity claim

Answer 24

statement about a risk (3.1.29) Note 1 to entry: The cybersecurity claim can include a justification for retaining or sharing the risk.

Question 25

3.1.13 cybersecurity concept

Answer 25

cybersecurity requirements of the item (3.1.25) and requirements on the operational environment (3.1.26), with associated information on cybersecurity controls (3.1.14)

Question 26

3.1.14 cybersecurity control

Answer 26

measure that is modifying risk (3.1.29) [SOURCE: ISO 31000:2018 [3], 3.8, modified — The word “cybersecurity” was added to the term, the phrase “maintains and/or” was deleted, the notes to entry were deleted.