| OEM/customer cybersecurity approval and evidence interface | Supplier security engineering -> vehicle manufacturer/OEM/customer | Requirements, risk assessment method/results, cybersecurity concept, control traceability, V&V evidence, residual-risk records. | Access control, evidence integrity, versioning, audit trail, customer approval workflow, confidentiality for security-sensitive reports. | Explicit Requirement | REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0024 (showing 8 of 157) |
| Diagnostic/service tool to ECU interface | Diagnostic/service tool -> ECU diagnostic server/security services | UDS requests/responses, authentication data, certificates, session state, diagnostic security decisions, negative responses. | Authentication, authorization, secure session, certificate validation, rate limiting, replay protection, logging. | Explicit Requirement | REQ_SEC_0010; REQ_SEC_0011; req-6.20; REQ-AUTO-00282; REQ-AUTO-00284; REQ-AUTO-00290; REQ_UDS-0051; REQ_UDS-0051 (showing 8 of 385) |
| Vehicle network secure data communication interface | Other ECUs / vehicle network <-> product ECU/application | Signals, messages, SDT requests/responses, SecOC-protected data, freshness counters, authentication tags. | Message authentication, integrity, freshness, anti-replay, optional encryption, discard rules for malformed or unauthenticated data. | Inferred from Requirements | REQ-AUTO-00066; REQ-AUTO-00141; req-6.3; REQ-AUTO-00146; REQ-AUTO-00173; REQ-AUTO-00193; REQ-AUTO-00196; REQ-AUTO-00199 (showing 8 of 127) |
| Secure update, flash, and IVD interface | Update/flash backend or programming tool -> ECU update/boot/security services | Software packages, signatures, IVD data, certificates, programming requests, update result logs. | Package authenticity, integrity validation, secure boot linkage, certificate validation, rollback policy, logging. | Inferred from Requirements | REQ-AUTO-00203; REQ-AUTO-00279; REQ-AUTO-00284; REQ-AUTO-00290; REQ_UDS-0051; REQ-AUTO-00297; REQ-AUTO-00298; REQ-AUTO-00302 (showing 8 of 81) |
| Certificate and key provisioning interface | PKI/provisioning authority -> ECU security services / HSM | Keys, certificates, trust anchors, certificate chains, key identifiers, validity metadata. | Key protection, certificate validation, secure provisioning, authorization, audit, lifecycle controls. | Explicit Requirement | REQ_SEC_0016; REQ_SEC_0019; REQ-AUTO-00335; REQ-AUTO-00340; REQ-AUTO-00445; REQ_UDS-0038; REQ_UDS-0068; REQ_UDS-0070 (showing 8 of 69) |
| Backend/cloud/IT operational interface | Backend/cloud/IT systems <-> supplier/OEM/product lifecycle processes | Configuration, release data, software packages, logs, evidence, vulnerability records, security events. | Mutual authentication, transport encryption, authorization, audit logging, least privilege, vulnerability management. | Inferred from Requirements | REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011 (showing 8 of 748) |
| Development, ALM, and evidence tooling interface | Engineering tools / ALM / CI / test systems -> evidence and release artifacts | Requirements, source references, architecture decisions, test reports, traceability matrices, release evidence. | Role-based access, artifact integrity, audit trail, change control, branch/release governance, credential protection. | Explicit Requirement | REQ-AUTO-00001; REQ_SEC_0002; REQ-AUTO-00009; REQ_SEC_0023; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0041; REQ_SEC_0008 (showing 8 of 192) |
| Security operations and vulnerability reporting interface | Product/backend/security monitoring -> supplier and OEM security operations | Security events, logs, vulnerabilities, incident records, penetration-test findings, mitigations, risk treatment decisions. | Confidentiality, integrity, authenticated reporting, audit, incident workflow, retention controls. | Explicit Requirement | REQ_SEC_0002; REQ-AUTO-00009; REQ_SEC_0040; REQ_SEC_0041; REQ_SEC_0044; REQ_SEC_0045; REQ_SEC_0046; REQ_SEC_0032 (showing 8 of 25) |
| Application software to security services interface | Application software -> security services / crypto / diagnostic access control | Requests, messages, state variables, verification results, authorization decisions, security events. | API authorization, fail-closed error handling, input validation, logging, secure key isolation. | Inferred from Requirements | REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ-AUTO-00011; REQ_SEC_0007; REQ_SEC_0008; REQ-AUTO-00021 (showing 8 of 909) |
| Hardware platform and key storage interface | Security services -> hardware platform / protected storage / HSM where available | Keys, certificates, boot measurements, software authenticity status, platform security state. | Key isolation, access control, secure boot, debug restrictions, tamper-aware handling, audit. | Inferred from Requirements | REQ_SEC_0003; REQ_SEC_0040; REQ_SEC_0025; REQ_SEC_0009; REQ_SEC_0010; REQ_SEC_0011; REQ_SEC_0026; REQ_SEC_0016 (showing 8 of 139) |