WELCOME TO ENX ASSOCIATION
The feasibility of a Vehicle Cyber Security (VCS) Audit was successfully proven in a project conducted until 12 October 2023. Following the recommendations of the project group, which has worked on the VCS audit scheme over the last two years, ENX Association is entering into preparation of phase 2 of the development, making audits available to more participants.
The ENX VCS (Vehicle Cybersecurity Audit Scheme) is aimed at automotive suppliers, who are concerned with development or production, or maintenance of electrical and electronic systems for road vehicles. The audit scheme offers standardized CSMS (Cybersecurity management system) audits by implementing the ISO/PAS 5112 in the context of the ISO/SAE 21434 and leveraging the existing and established audit framework of ENX Association.
Together with ISA version 6 becoming effective, we are going to also implement some changes to TISAX Assessment Objectives and the respective TISAX Labels. This affects the existing “Info High” and “Info Very High” labels. The changes for these “Info” labels follow the path already laid out described in the article New TISAX labels for availability.
In the beginning of the year, ENX has introduced new labels for availability to TISAX. This was the beginning of a split of the “Info” (“Info High” and “Info Very High”) labels. With the release of ISA 6 we will now conclude the split and introduce “Confidential” and “Strictly Confidential” as the logical addition to the already existing “availability” labels.
These new Labels will become mandatory for all new TISAX Assessments that are ordered after April 1st 2024. Assessments that have been started according to the...
Today, a new Version 6 of ISA has been published and is now available for download. ISA 6 is the newest major revision of the ISA Catalogue that defines the baseline and best practices for information and cyber security of organizations in the automotive industry.
ISA 6 significantly improves requirements on incident and crisis management, adds new controls and requirements to strengthen resilience to Ransomware and APT further, and reconfirmed its applicability to shopfloor IT and OT by mapping and referencing the ISA/IEC 62443-2 standard.
ISA 6 will become mandatory for all new TISAX Assessments that are ordered after April 1st 2024. Audits that have been started according to the old ISA 5.1 standard (including corrective-action-plan assessments, follow-ups, and scope-extension-assessments) can still be completed using the old standard.
The increasing digitalization of vehicle systems due to automated driving, connectivity and new mobility concepts has led to increased demands on cybersecurity in electrical and electronic (E/E) systems for vehicles across the supply chain of the automotive industry.
Our VCS Working group consisting of experts from automotive manufacturers and leading suppliers and service providers for E/E components has investigated in great depth to what extent a useful VCS audit is feasible within the ENX audit ecosystem. This study has been completed, a project report along with the developed vehicle cyber security audit (VCSA) questionnaire is now available.