Contents
Foreword 4
1.0. Objective 6
1.1. Background 6
2.0. Vehicle Sector Cybersecurity Issues and Activities 8
2.0.1. Vehicle Sector Cybersecurity Issues and Challenges 8
2.0.2. Vehicle Sector Cybersecurity Activities 9
3.0. Application of the NIST Risk Management Framework 10
3.0.1. Overview of NIST Risk Management Framework 10
3.0.2. Application of the NIST RMF to the Vehicle Sector 12
RMF Step 1. Assess Threat Model/Use Cases 13
RMF Step 2. Categorize Vehicle Systems 14
RMF Step 3. Select Security Controls 17
RMF Step 4. Implement Security Controls 20
RMF Step 5. Assess Security Controls 22
RMF Step 6. Monitor Security Controls 22
4.0. Observations 23
Appendix: References 25
Table 1. Modern Vehicle Security Categorization Example Using NIST SP 800-60 and FIPS 199 15
Figure 1. NIST Risk Management Framework (RMF) 11
Figure 2. Modified NIST Risk Management Framework for the Vehicle Sector 13
Figure 3. Depiction of Reference Architecture 20
Figure 4. Aircraft Information Domains and Interconnections Reference Architecture 20