The Cybersecurity Extension for ASPICE - A View from ASPICE Assessors

Schlager, Christian; Macher, Georg

doi:10.1007/978-3-030-85521-5_27

Christian Schlager⁹ &
Georg Macher⁹

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1442))

Included in the following conference series:

European Conference on Software Process Improvement

3321 Accesses
5 Citations

Abstract

ASPICE has been introduced to development of embedded systems at automotive suppliers to assess the capability of processes. ASPICE covers processes for software, system, quality assurance, configuration management, problem resolution, change management, project management and supplier monitoring. It defines a scheme for determining the capability of the process based on the underlying PAM. HW Spice is also taken into consideration, because it is also necessary for Cybersecurity, but not mechanical Spice.

Based on ASPICE VDA defined processes for Cybersecurity Engineering, Cybersecurity Risk Management and Supplier Request and Selection. This means additional effort for the assessors and also the engineering team when the ASPICE assessment is extended by processes of Cybersecurity to satisfy the requirements of standard ISO/SAE 21434.

This paper investigates for the method of mapping the base practices (BP) of cybersecurity process defined by VDA to BP of ASPICE process(es) to reduce the time of an assessment by merging the Base Practices of Processes from Cybersecurity with the Base Practices of Processes from ASPICE.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 109.00; Price excludes VAT (USA)

Softcover Book: USD 139.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Automotive SPICE®for Cybersecurity, VDA QMC Working Group 13 (2021). https://vdaqmc.de/fileadmin/redakteur/Publikationen/Gelbdrucke/ASPICE_for_Cybersecurity_Yellow_Volume_1st_edition_2021.pdf
Automotive Spice V Model, VDA QMC Working Group 13 (2015). http://www.automotivespice.com/fileadmin/software-download/AutomotiveSPICE_PAM_31.pdf
HW Spice, intacs Working Group HW Engineering Processes (2019). https://www.intacs.info/images/uploads/intacs_HW_Engineering_PRM_PAM_v1.0.pdf
Process Assessment Model SPICE for Mechanical Engineering, intacs Working Group MECH Engineering Processes (2020). https://www.intacs.info/images/intacs_documents/PRM_and_PAM/Mechanical_Engineering/SPICE_Mechanical_Engineering%20v1.7.pdf
Levels for processes in ASPICE, VDA QMC Quality Management Center im Auftrag der Automobilindustrie (2015). https://vda-qmc.de/software-prozesse/automotive-spice/
Strassenfahrzeuge, Cybersecurity Engineering, ISO/SAE DIS 21434 (2020)
Google Scholar
Automotive Spice®Guidelines 2nd edn. 2017, VDA QMC Working Group 13, 13 November 2017
Google Scholar
Schlager, C., Messnarz, R., Sporer, H., Riess, A., Mayer, R., Bernhardt, S.: Hardware SPICE extension for automotive SPICE 3.1. In: Larrucea, X., Santamaria, I., O’Connor, R., Messnarz, R. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2018, vol. 896, pp. 480–491. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97925-0_41
Chapter Google Scholar
Wegner, T., et al.: Enough assessment guidance, it’s time for improvement – a proposal for extending the VDA guidelines. In: Yilmaz, M., Niemann, J., Clarke, P., Messnarz, R. (eds.) Systems, Software and Services Process Improvement. EuroSPI 2020. Communications in Computer and Information Science, vol. 1251, pp. 462–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56441-4_34
Chapter Google Scholar
SPI Manifesto, European system and software improvement and innovation (2010). https://2020.eurospi.net/images/eurospi/spi_manifesto.pdf
Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA guidelines - using advanced assessment system (2019)
Google Scholar
Sporer, H.: Mechatronic system development (2016). https://diglib.tugraz.at/download.php?id=5891c8351e03a&location=browse

Download references

Author information

Authors and Affiliations

Technische Universität Graz, Graz, Austria
Christian Schlager & Georg Macher

Authors

Christian Schlager
View author publications
You can also search for this author in PubMed Google Scholar
Georg Macher
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christian Schlager .

Editor information

Editors and Affiliations

Gazi University, Ankara, Turkey
Murat Yilmaz
Dublin City University, Dublin, Ireland
Paul Clarke
I.S.C.N. GesmbH, Graz, Austria
Richard Messnarz
IMC University of Applied Sciences Krems, Krems, Austria
Michael Reiner

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Schlager, C., Macher, G. (2021). The Cybersecurity Extension for ASPICE - A View from ASPICE Assessors. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds) Systems, Software and Services Process Improvement. EuroSPI 2021. Communications in Computer and Information Science, vol 1442. Springer, Cham. https://doi.org/10.1007/978-3-030-85521-5_27

Download citation

DOI: https://doi.org/10.1007/978-3-030-85521-5_27
Published: 25 August 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85520-8
Online ISBN: 978-3-030-85521-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics