System Capability Matrix

Product and cybersecurity architecture understanding package generated from Markdown-derived requirements.

Capability Matrix

This table is horizontally scrollable. Use the bottom scrollbar to view all columns.

CapabilityProduct RoleArchitecture ComponentInterfacesSecurity RelevanceEvidence StatusOpen Decision
Clutch Actuation ControlCore actuator controlApplication Software / System CoreVehicle Network Interface (CAN)Safety-relevant command/status handlingConfirmedConfirm final variant scope
Vehicle Integration and CAN CommunicationVehicle command/status exchangeExternal Interfaces / Application SoftwareVehicle Network Interface (CAN), PWM wake-upMessage authenticity/freshness allocationConfirmedConfirm signal catalog and SecOC/SDT scope
Secure Diagnostics and Role-Based AccessControlled service and engineering accessDiagnostic Server / Security ServicesDiagnostic Tester InterfacePrivileged access controlInferredConfirm roles, service list and lockout policy
Secure Software Update and FlashMaintain trusted ECU softwareBootloader / Update LogicUpdate / Flash Interface, Diagnostic Tester InterfaceSoftware authenticity and integrityInferredConfirm signing chain, rollback and ownership
Key and Certificate HandlingTrust-material lifecycleSecurity Services / Hardware PlatformPKI / Provisioning InterfaceRoot of trust for diagnostics, update and secure communicationInferredConfirm HSM capability, key hierarchy and PKI ownership
Secure Data Transfer / Communication BoundaryProtected security-relevant data exchangeSecurity Services / External InterfacesVehicle Network Interface, Secure Data Transfer InterfaceAuthenticity, integrity and freshnessInferredConfirm protected signals and freshness model
Security Logging and Event HandlingSecurity evidence and response inputSecurity Services / Backend and IT SystemsLogging / Event Reporting InterfaceAuditability and incident supportInferredConfirm event set, storage and reporting path
Cybersecurity Lifecycle and EvidenceApproval-ready security caseCompliance Process / Engineering ToolchainSupplier Evidence, OEM Approval InterfaceTraceable residual-risk argumentConfirmedConfirm DIA split and approval authority

Capability Cards

Clutch Actuation Control

Purpose: Core actuator control

Component mapping: Application Software / System Core

Interface mapping: Vehicle Network Interface (CAN)

Security mapping: Safety-relevant command/status handling

Evidence strength: Confirmed

Open decision: Confirm final variant scope

Vehicle Integration and CAN Communication

Purpose: Vehicle command/status exchange

Component mapping: External Interfaces / Application Software

Interface mapping: Vehicle Network Interface (CAN), PWM wake-up

Security mapping: Message authenticity/freshness allocation

Evidence strength: Confirmed

Open decision: Confirm signal catalog and SecOC/SDT scope

Secure Diagnostics and Role-Based Access

Purpose: Controlled service and engineering access

Component mapping: Diagnostic Server / Security Services

Interface mapping: Diagnostic Tester Interface

Security mapping: Privileged access control

Evidence strength: Inferred

Open decision: Confirm roles, service list and lockout policy

Secure Software Update and Flash

Purpose: Maintain trusted ECU software

Component mapping: Bootloader / Update Logic

Interface mapping: Update / Flash Interface, Diagnostic Tester Interface

Security mapping: Software authenticity and integrity

Evidence strength: Inferred

Open decision: Confirm signing chain, rollback and ownership

Key and Certificate Handling

Purpose: Trust-material lifecycle

Component mapping: Security Services / Hardware Platform

Interface mapping: PKI / Provisioning Interface

Security mapping: Root of trust for diagnostics, update and secure communication

Evidence strength: Inferred

Open decision: Confirm HSM capability, key hierarchy and PKI ownership

Secure Data Transfer / Communication Boundary

Purpose: Protected security-relevant data exchange

Component mapping: Security Services / External Interfaces

Interface mapping: Vehicle Network Interface, Secure Data Transfer Interface

Security mapping: Authenticity, integrity and freshness

Evidence strength: Inferred

Open decision: Confirm protected signals and freshness model

Security Logging and Event Handling

Purpose: Security evidence and response input

Component mapping: Security Services / Backend and IT Systems

Interface mapping: Logging / Event Reporting Interface

Security mapping: Auditability and incident support

Evidence strength: Inferred

Open decision: Confirm event set, storage and reporting path

Cybersecurity Lifecycle and Evidence

Purpose: Approval-ready security case

Component mapping: Compliance Process / Engineering Toolchain

Interface mapping: Supplier Evidence, OEM Approval Interface

Security mapping: Traceable residual-risk argument

Evidence strength: Confirmed

Open decision: Confirm DIA split and approval authority

Capability-to-Component Map

flowchart LR subgraph Capabilities["System capabilities"] Actuation["Clutch actuation"] Diagnostics["Secure diagnostics"] UpdateCap["Secure update"] Keys["Key and certificate handling"] Evidence["Cybersecurity evidence"] end subgraph Components["Architecture components"] App["Application software"] DiagSrv["Diagnostic server"] Boot["Bootloader / update logic"] Sec["Security services"] Tooling["Engineering evidence toolchain"] end Actuation --> App Diagnostics --> DiagSrv Diagnostics --> Sec UpdateCap --> Boot UpdateCap --> Sec Keys --> Sec Evidence --> Tooling Evidence --> Sec
Mermaid source 
flowchart LR
  subgraph Capabilities["System capabilities"]
    Actuation["Clutch actuation"]
    Diagnostics["Secure diagnostics"]
    UpdateCap["Secure update"]
    Keys["Key and certificate handling"]
    Evidence["Cybersecurity evidence"]
  end
  subgraph Components["Architecture components"]
    App["Application software"]
    DiagSrv["Diagnostic server"]
    Boot["Bootloader / update logic"]
    Sec["Security services"]
    Tooling["Engineering evidence toolchain"]
  end
  Actuation --> App
  Diagnostics --> DiagSrv
  Diagnostics --> Sec
  UpdateCap --> Boot
  UpdateCap --> Sec
  Keys --> Sec
  Evidence --> Tooling
  Evidence --> Sec
Long feature explanations and evidence

Detailed Feature Model

This feature model groups Markdown-derived requirement clusters into system-security architecture domains. It is not a flat requirement repeat.

Core Product Capabilities

Feature: Application software behavior

Feature ID: FEAT-X001

Purpose

Define supplier-controlled software behavior that realizes the extracted system and security requirements inside the ECU or application scope.

User/System Value

Gives the product a concrete software responsibility instead of treating the RFQ as only a document checklist.

Requirement Basis

Functional Scope

Application logic, protocol handling, state handling, error handling, and allocation of software-side requirements.

Out of Scope / Not Confirmed

The exact application function, user-facing behavior, timing budget, and production ECU variant are not confirmed.

Interfaces Involved

Vehicle network, internal security services, diagnostics, backend/tooling where called by requirements.

Data Handled

Application state, protocol messages, configuration, diagnostic responses, security-relevant processing results.

Security Relevance

Software behavior is where malformed input handling, authorization decisions, freshness checks, and protected data processing become enforceable.

  • Authorization
  • Secure communication
  • Logging and audit
  • Secure diagnostics

Impacted Architecture Elements

  • Application Software
  • System Core
  • Security Services

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Clarify ambiguous or incomplete source wording.
  • Confirm whether this statement is a binding requirement.
  • Review possible noise/boilerplate contamination.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00006; REQ_SEC_0007; REQ-AUTO-00129; REQ-AUTO-00178; REQ-AUTO-00180; REQ-AUTO-00238; REQ-AUTO-00244; REQ-AUTO-00266; REQ-AUTO-00277; REQ-AUTO-00286 (showing 10 of 179)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/3299216_1.md page 19; converted/markdown-cleaned/3299216_1.md page 27; converted/markdown-cleaned/3299216_1.md page 40; converted/markdown-cleaned/3299216_1.md page 41; converted/markdown-cleaned/3299216_1.md page 50; converted/markdown-cleaned/3299216_1.md page 59 (showing 8 of 88)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Feature: Secure communication

Feature ID: FEAT-X002

Purpose

Address the extracted requirement cluster named Secure communication.

User/System Value

Provides a traceable product capability from the current requirements.

Requirement Basis

  • Related requirements: REQ-AUTO-00455
  • Source sections/pages: converted/markdown-cleaned/CVS123-2.md page 40

Functional Scope

Scope is limited to requirements extracted from cleaned Markdown.

Out of Scope / Not Confirmed

Detailed behavior needs customer confirmation.

Interfaces Involved

Unknown until interface allocation is confirmed.

Data Handled

Unknown or requirement-specific data.

Security Relevance

Security relevance needs detailed review.

  • Needs Customer Clarification

Impacted Architecture Elements

  • System Core

Confidence Level

Medium

Classification

Needs Customer Clarification

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00455
  • Source Markdown sections/pages: converted/markdown-cleaned/CVS123-2.md page 40
  • Confidence level: Medium
  • Classification: Needs Customer Clarification

Feature: System behavior

Feature ID: FEAT-X003

Purpose

Capture the expected behavior of the Electric Clutch Actuator ECU boundary before decomposing it into hardware, software, tooling, and operations.

User/System Value

Keeps the system-level intent visible while detailed requirements remain traceable.

Requirement Basis

Functional Scope

System behavior, stakeholder approvals, compliance obligations, timing/state requirements, and customer-facing deliverables.

Out of Scope / Not Confirmed

The package does not prove the complete vehicle function or end-user feature set.

Interfaces Involved

OEM/customer interface, vehicle network, supplier engineering flow, evidence flow.

Data Handled

Requirements, system states, approvals, evidence, release information.

Security Relevance

System behavior defines where security objectives attach and where residual risks must be agreed.

  • Compliance and evidence management
  • Vulnerability and incident handling

Impacted Architecture Elements

  • System Core
  • Compliance Process

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Clarify ambiguous or incomplete source wording.
  • Confirm whether this statement is a binding requirement.
  • Review possible noise/boilerplate contamination.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00021; REQ_SEC_0020; REQ_SEC_0012; REQ_SEC_0013; REQ-AUTO-00028; REQ_SEC_0014; REQ-AUTO-00030; REQ_SEC_0028 (showing 10 of 388)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12; converted/markdown-cleaned/3299216_1.md page 3 (showing 8 of 153)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Vehicle/ECU Integration Capabilities

Feature: Hardware platform support

Feature ID: FEAT-X004

Purpose

Represent ECU hardware, platform, connector, memory, and security hardware obligations implied by the source requirements.

User/System Value

Makes clear that the cybersecurity concept must be allocated across both hardware and software.

Requirement Basis

Functional Scope

ECU platform support, hardware protection, debug/physical exposure concerns, and implementation allocation.

Out of Scope / Not Confirmed

The exact MCU, HSM, memory map, connector pinout, and production hardware variant are not confirmed.

Interfaces Involved

Internal hardware/software interface, diagnostic access boundary, physical/service access.

Data Handled

Keys, certificates, firmware, platform state, debug/service data.

Security Relevance

Hardware is part of key protection, secure boot, anti-tamper posture, and diagnostic attack resistance.

  • Secure boot and platform integrity
  • Key management
  • Secure diagnostics

Impacted Architecture Elements

  • Hardware Platform
  • Security Services

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Clarify ambiguous or incomplete source wording.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0025; REQ_SEC_0010; REQ_SEC_0011; REQ_SEC_0026; REQ_SEC_0047; REQ_SEC_0049; REQ_SEC_0050; REQ-AUTO-00060; REQ-AUTO-00061; REQ-AUTO-00065 (showing 10 of 45)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12; converted/markdown-cleaned/3299216_1.md page 4; converted/markdown-cleaned/3299216_1.md page 7; converted/markdown-cleaned/3299216_1.md page 11; converted/markdown-cleaned/3299216_1.md page 15 (showing 8 of 36)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Communication and Connectivity Capabilities

Feature: External interfaces

Feature ID: FEAT-X005

Purpose

Identify communication touchpoints where the product exchanges data with vehicle, backend, customer, supplier, diagnostic, or tooling actors.

User/System Value

Creates the bridge from requirements to attack surface review.

Requirement Basis

Functional Scope

External message paths, data exchanged, interface purpose, and protection needs.

Out of Scope / Not Confirmed

Protocol stack, exact network topology, endpoint ownership, and message catalog are not fully confirmed.

Interfaces Involved

Vehicle network, diagnostic tool, backend/cloud, OEM/customer, development/evidence tooling.

Data Handled

Messages, signals, requests/responses, certificates, software packages, logs, security events.

Security Relevance

Interfaces are the main places where authentication, authorization, encryption, freshness, replay protection, and logging must be designed.

  • Secure communication
  • Authentication
  • Certificate lifecycle
  • Logging and audit

Impacted Architecture Elements

  • External Interfaces
  • Security Services
  • Backend and IT Systems

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • Review possible noise/boilerplate contamination.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0036; REQ-AUTO-00066; REQ-AUTO-00078; REQ-AUTO-00138; REQ-AUTO-00139; REQ-AUTO-00141; REQ-AUTO-00143; REQ-AUTO-00145; REQ-AUTO-00146; REQ-AUTO-00177 (showing 10 of 44)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/3299216_1.md page 4; converted/markdown-cleaned/3299216_1.md page 8; converted/markdown-cleaned/3299216_1.md page 22; converted/markdown-cleaned/3299216_1.md page 23; converted/markdown-cleaned/3299216_1.md page 27; converted/markdown-cleaned/3299216_1.md page 31; converted/markdown-cleaned/3299216_1.md page 33 (showing 8 of 26)
  • Confidence level: Medium
  • Classification: Explicit Requirement

Feature: Secure communication and freshness protection

Feature ID: FEAT-X006

Purpose

Protect vehicle or client/server data exchanges against unauthorized origin, modification, replay, and stale state.

User/System Value

Turns SecOC/SDT-style requirements into a coherent communication security behavior.

Requirement Basis

Functional Scope

Authentication/encryption, verify/decrypt processing, counters, replay checks, and discard behavior for invalid traffic.

Out of Scope / Not Confirmed

Exact algorithms, key lengths, message IDs, and bus allocation need customer confirmation.

Interfaces Involved

Vehicle network, ECU-to-ECU communication, client/server SDT flows.

Data Handled

Protected signals, counters, request/response payloads, authentication tags.

Security Relevance

This feature directly protects integrity, authenticity, freshness, and in some cases confidentiality of vehicle data.

  • Secure communication
  • Cryptographic protection
  • Key management

Impacted Architecture Elements

  • External Interfaces
  • Security Services
  • Application Software

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Confirm whether this statement is a binding requirement.

Evidence Basis:

Diagnostic and Maintenance Capabilities

Feature: Diagnostic security

Feature ID: FEAT-X007

Purpose

Control diagnostic access so service and engineering tools cannot become an uncontrolled security bypass.

User/System Value

Allows maintenance while preserving ECU security goals.

Requirement Basis

Functional Scope

Diagnostic authentication, access control, request validation, negative responses, and secure sessions.

Out of Scope / Not Confirmed

Exact diagnostic roles, tester certificates, and service whitelist are not fully confirmed.

Interfaces Involved

Diagnostic tool, UDS services, ECU diagnostic server, security services.

Data Handled

Diagnostic requests, responses, session state, credentials, certificates, unlock state.

Security Relevance

Diagnostics can alter state, extract data, or trigger programming; it needs strong access control and audit.

  • Secure diagnostics
  • Authentication
  • Authorization
  • Logging and audit

Impacted Architecture Elements

  • External Interfaces
  • Security Services
  • Application Software

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: req-6.20; REQ-AUTO-00282; REQ-AUTO-00290; REQ-AUTO-00299; REQ-AUTO-00310; REQ-AUTO-00315; REQ-AUTO-00318; REQ-AUTO-00350; REQ-AUTO-00370; REQ-AUTO-00372 (showing 10 of 30)
  • Source Markdown sections/pages: converted/markdown-cleaned/3299216_1.md page 23; converted/markdown-cleaned/CVS123-2.md page 4; converted/markdown-cleaned/CVS123-2.md page 6; converted/markdown-cleaned/CVS123-2.md page 9; converted/markdown-cleaned/CVS123-2.md page 10; converted/markdown-cleaned/CVS123-2.md page 21; converted/markdown-cleaned/CVS123-2.md page 22; converted/markdown-cleaned/CVS123-2.md page 23 (showing 8 of 23)
  • Confidence level: Medium
  • Classification: Explicit Requirement

Cybersecurity Capabilities

Feature: Authentication

Feature ID: FEAT-X008

Purpose

Prove the identity or validity of tools, communication partners, data sources, software, or ECU-related entities.

User/System Value

Prevents unauthenticated entities from driving privileged behavior.

Requirement Basis

Functional Scope

Entity authentication, message/source authentication, service authentication, and authentication failure handling.

Out of Scope / Not Confirmed

The final identity model and trust anchors require customer confirmation.

Interfaces Involved

Diagnostic, vehicle network, backend/update, certificate/key provisioning.

Data Handled

Credentials, certificates, authentication tags, session state.

Security Relevance

Authentication is a prerequisite for authorization, secure diagnostics, secure update, and protected communication.

  • Identity and access control
  • Certificate lifecycle
  • Secure communication

Impacted Architecture Elements

  • Security Services

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0008; REQ-AUTO-00333; REQ-AUTO-00334; REQ-AUTO-00832; REQ-AUTO-00892; REQ-AUTO-00895; REQ-AUTO-00907; REQ-AUTO-00933; REQ-AUTO-00934; REQ-AUTO-00935 (showing 10 of 30)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/CVS123-2.md page 12; converted/markdown-cleaned/CVS151.md page 19; converted/markdown-cleaned/CVS31.md page 8; converted/markdown-cleaned/CVS31.md page 11; converted/markdown-cleaned/CVS31.md page 16; converted/markdown-cleaned/CVS31.md page 18; converted/markdown-cleaned/CVS31.md page 19 (showing 8 of 14)
  • Confidence level: Medium
  • Classification: Explicit Requirement

Feature: Certificate handling

Feature ID: FEAT-X009

Purpose

Manage certificate formats, validation, trust anchors, and certificate-related lifecycle behavior.

User/System Value

Supports scalable trust for diagnostics, update, backend, and vehicle communication.

Requirement Basis

Functional Scope

X.509/certificate handling, validation expectations, and certificate-based trust decisions.

Out of Scope / Not Confirmed

CA hierarchy, enrollment, revocation, storage, and renewal process need confirmation.

Interfaces Involved

PKI, diagnostic tools, backend/update services, ECU security services.

Data Handled

Certificates, chains, trust anchors, validity metadata.

Security Relevance

Incorrect certificate handling can defeat authentication and secure communication.

  • Key and certificate management
  • Identity and access control
  • Secure communication

Impacted Architecture Elements

  • Security Services
  • Backend and IT Systems

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00818; REQ-AUTO-00821; REQ-AUTO-00839; REQ-AUTO-00951; REQ-AUTO-00953
  • Source Markdown sections/pages: converted/markdown-cleaned/CVS151.md page 11; converted/markdown-cleaned/CVS151.md page 12; converted/markdown-cleaned/CVS151.md page 26; converted/markdown-cleaned/CVS31.md page 19
  • Confidence level: Medium
  • Classification: Explicit Requirement

Feature: Key management

Feature ID: FEAT-X010

Purpose

Protect cryptographic keys across generation, storage, use, update, and retirement.

User/System Value

Keeps communication, diagnostics, update, and platform integrity controls trustworthy.

Requirement Basis

Functional Scope

Key storage, use restrictions, provisioning assumptions, and cryptographic material handling.

Out of Scope / Not Confirmed

Key hierarchy, HSM APIs, rotation, ownership, and recovery are not fully confirmed.

Interfaces Involved

Security services, hardware platform/HSM, PKI/provisioning, backend/update.

Data Handled

Symmetric keys, private keys, public keys, certificates, key identifiers.

Security Relevance

Key compromise collapses multiple controls at once.

  • Cryptographic protection
  • Key and certificate management

Impacted Architecture Elements

  • Security Services
  • Hardware Platform

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0016; REQ_SEC_0019; REQ_UDS-0068; REQ_UDS-0070; REQ_UDS-0092; REQ-AUTO-00875; REQ-AUTO-00991; REQ-AUTO-01014; REQ-AUTO-01017; REQ-AUTO-01022 (showing 10 of 13)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/CVS124.md page 34; converted/markdown-cleaned/CVS124.md page 40; converted/markdown-cleaned/CVS154.md page 11; converted/markdown-cleaned/CVS32.md page 4; converted/markdown-cleaned/CVS32.md page 10; converted/markdown-cleaned/CVS32.md page 11; converted/markdown-cleaned/CVS32.md page 12 (showing 8 of 9)
  • Confidence level: Medium
  • Classification: Explicit Requirement

Feature: Logging and audit trail

Feature ID: FEAT-X011

Purpose

Record security-relevant actions and decisions for investigation, compliance, and operational feedback.

User/System Value

Supports accountability and incident analysis.

Requirement Basis

  • Related requirements: REQ_SEC_0051
  • Source sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12

Functional Scope

Security event capture, audit evidence, and traceability to requirements or validation results.

Out of Scope / Not Confirmed

Log format, storage, retention, privacy, and upload path require customer confirmation.

Interfaces Involved

ECU logging, backend/security operations, ALM/evidence flow.

Data Handled

Security events, diagnostic attempts, update results, audit records.

Security Relevance

Logging is how misuse, failed controls, and residual-risk evidence become visible.

  • Logging and audit
  • Security monitoring and detection

Impacted Architecture Elements

  • Security Services
  • Backend and IT Systems

Confidence Level

High

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0051
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12
  • Confidence level: High
  • Classification: Explicit Requirement

Backend/IT/Tooling Capabilities

Feature: Backend and IT integration

Feature ID: FEAT-X012

Purpose

Represent backend, IT, server, portal, and offboard workflows referenced by the requirements.

User/System Value

Shows that security architecture extends beyond the ECU boundary where update, evidence, monitoring, or supplier workflows are involved.

Requirement Basis

Functional Scope

Backend connectivity, IT systems, supplier/OEM portals, storage of evidence or operational security data.

Out of Scope / Not Confirmed

Cloud provider, API contracts, hosting ownership, and network zones are not confirmed.

Interfaces Involved

Backend/cloud, supplier IT, OEM/customer systems, ECU/update path.

Data Handled

Software packages, certificates, logs, vulnerability data, evidence, configuration.

Security Relevance

Backend compromise can affect update integrity, certificate lifecycle, evidence integrity, and operational response.

  • Backend/cloud security
  • Secure update
  • Logging and audit

Impacted Architecture Elements

  • Backend and IT Systems
  • External Interfaces

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Clarify ambiguous or incomplete source wording.
  • Review possible noise/boilerplate contamination.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00081; REQ-AUTO-00090; REQ-AUTO-00091; req.10.5; REQ-AUTO-00101; REQ-AUTO-00104; req-5.10; req-6.4; REQ-AUTO-00112; REQ-AUTO-00114 (showing 10 of 209)
  • Source Markdown sections/pages: converted/markdown-cleaned/3299216_1.md page 9; converted/markdown-cleaned/3299216_1.md page 10; converted/markdown-cleaned/3299216_1.md page 11; converted/markdown-cleaned/3299216_1.md page 12; converted/markdown-cleaned/3299216_1.md page 13; converted/markdown-cleaned/3299216_1.md page 14; converted/markdown-cleaned/3299216_1.md page 15; converted/markdown-cleaned/3299216_1.md page 20 (showing 8 of 103)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Feature: Engineering tooling

Feature ID: FEAT-X013

Purpose

Capture engineering, build, test, and evidence tooling needed to produce and prove the cybersecurity work products.

User/System Value

Makes development and verification responsibilities visible in the architecture package.

Requirement Basis

Functional Scope

ALM, build/test tooling, verification evidence, traceability artifacts, review workflows.

Out of Scope / Not Confirmed

Tool names, integrations, access model, and retention policy are not confirmed.

Interfaces Involved

Supplier engineering, ALM, CI/test environment, OEM/customer evidence handoff.

Data Handled

Requirements, test reports, traceability, artifacts, build outputs.

Security Relevance

Toolchain integrity affects trust in delivered software and evidence.

  • Development and toolchain security
  • Compliance and evidence management

Impacted Architecture Elements

  • Engineering Toolchain
  • Compliance Process

Confidence Level

Medium

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00093; REQ-AUTO-00094; REQ-AUTO-00098
  • Source Markdown sections/pages: converted/markdown-cleaned/3299216_1.md page 10; converted/markdown-cleaned/3299216_1.md page 11
  • Confidence level: Medium
  • Classification: Explicit Requirement

Operational and Lifecycle Capabilities

Feature: Incident response

Feature ID: FEAT-X014

Purpose

Provide a lifecycle path for handling confirmed or suspected cybersecurity incidents.

User/System Value

Connects product security signals to customer and supplier response obligations.

Requirement Basis

  • Related requirements: REQ_SEC_0045
  • Source sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10

Functional Scope

Incident identification, escalation, documentation, and customer communication assumptions.

Out of Scope / Not Confirmed

Severity model, reporting timelines, and operational owner are not confirmed.

Interfaces Involved

Security operations, OEM/customer, supplier support, backend/tooling.

Data Handled

Incident records, logs, evidence, mitigation status.

Security Relevance

Incident response limits damage and provides evidence after preventive controls fail.

  • Vulnerability and incident handling
  • Logging and audit

Impacted Architecture Elements

  • Compliance Process
  • Backend and IT Systems

Confidence Level

High

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0045
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10
  • Confidence level: High
  • Classification: Explicit Requirement

Feature: Secure software update and flash readiness

Feature ID: FEAT-X015

Purpose

Ensure software update, flash, and IVD-related flows preserve authenticity, integrity, and regulatory evidence.

User/System Value

Supports UNECE-style software update obligations and safe maintenance of E/E components.

Requirement Basis

Functional Scope

Update package handling, flash/programming paths, integrity validation data, and update evidence.

Out of Scope / Not Confirmed

Update transport, campaign management, rollback policy, and production signing chain need confirmation.

Interfaces Involved

Backend/update infrastructure, diagnostic/programming tool, ECU boot/update manager, PKI.

Data Handled

Software packages, signatures, IVD data, certificates, programming requests, update logs.

Security Relevance

Unauthorized or corrupted software undermines ECU authenticity and all data security goals.

  • Secure software update
  • Secure boot and platform integrity
  • Key and certificate management

Impacted Architecture Elements

  • Backend and IT Systems
  • Security Services
  • Hardware Platform

Confidence Level

High

Classification

Inferred from Requirements

Open Questions

  • Clarify ambiguous or incomplete source wording.
  • Confirm whether this statement is a binding requirement.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00203; REQ-AUTO-00290; REQ_UDS-0051; REQ-AUTO-00297; REQ-AUTO-00302; REQ-AUTO-00303; REQ-AUTO-00306; REQ-AUTO-00307; REQ-AUTO-00311; REQ-AUTO-00312 (showing 10 of 121)
  • Source Markdown sections/pages: converted/markdown-cleaned/3299216_1.md page 34; converted/markdown-cleaned/CVS123-2.md page 6; converted/markdown-cleaned/CVS124.md page 26; converted/markdown-cleaned/CVS123-2.md page 7; converted/markdown-cleaned/CVS123-2.md page 9; converted/markdown-cleaned/CVS123-2.md page 10; converted/markdown-cleaned/CVS123-2.md page 11; converted/markdown-cleaned/CVS123-2.md page 12 (showing 8 of 48)
  • Confidence level: High
  • Classification: Inferred from Requirements

Feature: Vulnerability management

Feature ID: FEAT-X016

Purpose

Identify, assess, treat, verify, and communicate vulnerabilities and risks over releases.

User/System Value

Keeps the system secure beyond a single development milestone.

Requirement Basis

  • Related requirements: REQ_SEC_0002; REQ-AUTO-00051
  • Source sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11

Functional Scope

Risk assessment, vulnerability evaluation, penetration-test readiness, mitigation tracking, release impact review.

Out of Scope / Not Confirmed

Customer-specific vulnerability intake SLAs and tool workflow are not confirmed.

Interfaces Involved

OEM/customer, supplier security team, development tooling, incident process.

Data Handled

Vulnerability records, risk treatment decisions, mitigation evidence, release notes.

Security Relevance

Unmanaged vulnerabilities become residual risk without ownership.

  • Vulnerability and incident handling
  • Compliance and evidence management

Impacted Architecture Elements

  • Compliance Process
  • Engineering Toolchain
  • Security Services

Confidence Level

High

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ_SEC_0002; REQ-AUTO-00051
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11
  • Confidence level: High
  • Classification: Explicit Requirement

Compliance and Evidence Capabilities

Feature: Cybersecurity requirement handling

Feature ID: FEAT-X017

Purpose

Maintain a verifiable chain from cybersecurity requirements to controls, implementation, validation, residual risk, and customer agreement.

User/System Value

Turns the RFQ into an auditable security engineering package instead of disconnected controls.

Requirement Basis

Functional Scope

Cybersecurity concept, risk assessment input, control derivation, verification/validation evidence, residual risk documentation.

Out of Scope / Not Confirmed

Final TARA results and customer-approved risk treatment are not claimed.

Interfaces Involved

OEM/customer, supplier engineering, ALM/evidence repository, security review process.

Data Handled

Requirements, risks, controls, test reports, residual-risk decisions, review evidence.

Security Relevance

Evidence discipline is required to prove that controls exist and reduce risk sufficiently.

  • Compliance and evidence management
  • Vulnerability and incident handling

Impacted Architecture Elements

  • Compliance Process
  • Security Services
  • Engineering Toolchain

Confidence Level

High

Classification

Explicit Requirement

Open Questions

  • None identified from extracted requirements.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005 (showing 10 of 18)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/3299216_1.md page 25 (showing 8 of 9)
  • Confidence level: High
  • Classification: Explicit Requirement

Feature: Security evidence and traceability

Feature ID: FEAT-X018

Purpose

Provide proof that requirements, controls, architecture decisions, verification, validation, and residual risk remain connected.

User/System Value

Gives reviewers a way to audit security decisions before accepting the architecture.

Requirement Basis

Functional Scope

Traceability matrices, evidence reports, human-review queues, quality gates, and open decisions.

Out of Scope / Not Confirmed

Customer acceptance workflow and evidence repository ownership are not confirmed.

Interfaces Involved

ALM/evidence repository, OEM/customer review, supplier security process.

Data Handled

Requirement IDs, source sections, controls, test reports, decisions, open questions.

Security Relevance

Without evidence traceability, control implementation cannot be credibly argued.

  • Compliance and evidence management
  • Development and toolchain security

Impacted Architecture Elements

  • Compliance Process
  • Engineering Toolchain

Confidence Level

Medium

Classification

Inferred from Requirements

Open Questions

  • Confirm whether this statement is a binding requirement.
  • Review possible noise/boilerplate contamination.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ-AUTO-00005; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0007; REQ-AUTO-00076; REQ-AUTO-00150; REQ-AUTO-00172 (showing 10 of 47)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/3299216_1.md page 5; converted/markdown-cleaned/3299216_1.md page 23; converted/markdown-cleaned/3299216_1.md page 27; converted/markdown-cleaned/3299216_1.md page 50; converted/markdown-cleaned/CVS123-2.md page 10 (showing 8 of 31)
  • Confidence level: Medium
  • Classification: Inferred from Requirements
Feature-to-Interface Mapping
FeatureDomainInterfacesEvidence basisClassification
Application software behaviorCore Product CapabilitiesVehicle network, internal security services, diagnostics, backend/tooling where called by requirements.REQ-AUTO-00006; REQ_SEC_0007; REQ-AUTO-00129; REQ-AUTO-00178; REQ-AUTO-00180; REQ-AUTO-00238; REQ-AUTO-00244; REQ-AUTO-00266; REQ-AUTO-00277; REQ-AUTO-00286 (showing 10 of 179)Inferred from Requirements
Secure communicationCore Product CapabilitiesUnknown until interface allocation is confirmed.REQ-AUTO-00455Needs Customer Clarification
System behaviorCore Product CapabilitiesOEM/customer interface, vehicle network, supplier engineering flow, evidence flow.REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00021; REQ_SEC_0020; REQ_SEC_0012; REQ_SEC_0013; REQ-AUTO-00028; REQ_SEC_0014; REQ-AUTO-00030; REQ_SEC_0028 (showing 10 of 388)Inferred from Requirements
Hardware platform supportVehicle/ECU Integration CapabilitiesInternal hardware/software interface, diagnostic access boundary, physical/service access.REQ_SEC_0025; REQ_SEC_0010; REQ_SEC_0011; REQ_SEC_0026; REQ_SEC_0047; REQ_SEC_0049; REQ_SEC_0050; REQ-AUTO-00060; REQ-AUTO-00061; REQ-AUTO-00065 (showing 10 of 45)Inferred from Requirements
External interfacesCommunication and Connectivity CapabilitiesVehicle network, diagnostic tool, backend/cloud, OEM/customer, development/evidence tooling.REQ_SEC_0036; REQ-AUTO-00066; REQ-AUTO-00078; REQ-AUTO-00138; REQ-AUTO-00139; REQ-AUTO-00141; REQ-AUTO-00143; REQ-AUTO-00145; REQ-AUTO-00146; REQ-AUTO-00177 (showing 10 of 44)Explicit Requirement
Secure communication and freshness protectionCommunication and Connectivity CapabilitiesVehicle network, ECU-to-ECU communication, client/server SDT flows.REQ-AUTO-00410; REQ-AUTO-00867; REQ-AUTO-00889; REQ-AUTO-00890; REQ-AUTO-00992; REQ-AUTO-00993; REQ-AUTO-00994; REQ-AUTO-00995; REQ-AUTO-00997; REQ-AUTO-00999 (showing 10 of 90)Inferred from Requirements
Diagnostic securityDiagnostic and Maintenance CapabilitiesDiagnostic tool, UDS services, ECU diagnostic server, security services.req-6.20; REQ-AUTO-00282; REQ-AUTO-00290; REQ-AUTO-00299; REQ-AUTO-00310; REQ-AUTO-00315; REQ-AUTO-00318; REQ-AUTO-00350; REQ-AUTO-00370; REQ-AUTO-00372 (showing 10 of 30)Explicit Requirement
AuthenticationCybersecurity CapabilitiesDiagnostic, vehicle network, backend/update, certificate/key provisioning.REQ_SEC_0008; REQ-AUTO-00333; REQ-AUTO-00334; REQ-AUTO-00832; REQ-AUTO-00892; REQ-AUTO-00895; REQ-AUTO-00907; REQ-AUTO-00933; REQ-AUTO-00934; REQ-AUTO-00935 (showing 10 of 30)Explicit Requirement
Certificate handlingCybersecurity CapabilitiesPKI, diagnostic tools, backend/update services, ECU security services.REQ-AUTO-00818; REQ-AUTO-00821; REQ-AUTO-00839; REQ-AUTO-00951; REQ-AUTO-00953Explicit Requirement
Key managementCybersecurity CapabilitiesSecurity services, hardware platform/HSM, PKI/provisioning, backend/update.REQ_SEC_0016; REQ_SEC_0019; REQ_UDS-0068; REQ_UDS-0070; REQ_UDS-0092; REQ-AUTO-00875; REQ-AUTO-00991; REQ-AUTO-01014; REQ-AUTO-01017; REQ-AUTO-01022 (showing 10 of 13)Explicit Requirement
Logging and audit trailCybersecurity CapabilitiesECU logging, backend/security operations, ALM/evidence flow.REQ_SEC_0051Explicit Requirement
Backend and IT integrationBackend/IT/Tooling CapabilitiesBackend/cloud, supplier IT, OEM/customer systems, ECU/update path.REQ-AUTO-00081; REQ-AUTO-00090; REQ-AUTO-00091; req.10.5; REQ-AUTO-00101; REQ-AUTO-00104; req-5.10; req-6.4; REQ-AUTO-00112; REQ-AUTO-00114 (showing 10 of 209)Inferred from Requirements
Engineering toolingBackend/IT/Tooling CapabilitiesSupplier engineering, ALM, CI/test environment, OEM/customer evidence handoff.REQ-AUTO-00093; REQ-AUTO-00094; REQ-AUTO-00098Explicit Requirement
Incident responseOperational and Lifecycle CapabilitiesSecurity operations, OEM/customer, supplier support, backend/tooling.REQ_SEC_0045Explicit Requirement
Secure software update and flash readinessOperational and Lifecycle CapabilitiesBackend/update infrastructure, diagnostic/programming tool, ECU boot/update manager, PKI.REQ-AUTO-00203; REQ-AUTO-00290; REQ_UDS-0051; REQ-AUTO-00297; REQ-AUTO-00302; REQ-AUTO-00303; REQ-AUTO-00306; REQ-AUTO-00307; REQ-AUTO-00311; REQ-AUTO-00312 (showing 10 of 121)Inferred from Requirements
Vulnerability managementOperational and Lifecycle CapabilitiesOEM/customer, supplier security team, development tooling, incident process.REQ_SEC_0002; REQ-AUTO-00051Explicit Requirement
Cybersecurity requirement handlingCompliance and Evidence CapabilitiesOEM/customer, supplier engineering, ALM/evidence repository, security review process.REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005 (showing 10 of 18)Explicit Requirement
Security evidence and traceabilityCompliance and Evidence CapabilitiesALM/evidence repository, OEM/customer review, supplier security process.REQ-AUTO-00001; REQ_SEC_0001; REQ-AUTO-00005; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0007; REQ-AUTO-00076; REQ-AUTO-00150; REQ-AUTO-00172 (showing 10 of 47)Inferred from Requirements
Feature-to-Security Capability Mapping
FeatureSecurity capabilitiesEvidence basisConfidenceClassification
Application software behaviorAuthorization; Secure communication; Logging and audit; Secure diagnosticsREQ-AUTO-00006; REQ_SEC_0007; REQ-AUTO-00129; REQ-AUTO-00178; REQ-AUTO-00180; REQ-AUTO-00238; REQ-AUTO-00244; REQ-AUTO-00266; REQ-AUTO-00277; REQ-AUTO-00286 (showing 10 of 179)MediumInferred from Requirements
Secure communicationNeeds Customer ClarificationREQ-AUTO-00455MediumNeeds Customer Clarification
System behaviorCompliance and evidence management; Vulnerability and incident handlingREQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00021; REQ_SEC_0020; REQ_SEC_0012; REQ_SEC_0013; REQ-AUTO-00028; REQ_SEC_0014; REQ-AUTO-00030; REQ_SEC_0028 (showing 10 of 388)MediumInferred from Requirements
Hardware platform supportSecure boot and platform integrity; Key management; Secure diagnosticsREQ_SEC_0025; REQ_SEC_0010; REQ_SEC_0011; REQ_SEC_0026; REQ_SEC_0047; REQ_SEC_0049; REQ_SEC_0050; REQ-AUTO-00060; REQ-AUTO-00061; REQ-AUTO-00065 (showing 10 of 45)MediumInferred from Requirements
External interfacesSecure communication; Authentication; Certificate lifecycle; Logging and auditREQ_SEC_0036; REQ-AUTO-00066; REQ-AUTO-00078; REQ-AUTO-00138; REQ-AUTO-00139; REQ-AUTO-00141; REQ-AUTO-00143; REQ-AUTO-00145; REQ-AUTO-00146; REQ-AUTO-00177 (showing 10 of 44)MediumExplicit Requirement
Secure communication and freshness protectionSecure communication; Cryptographic protection; Key managementREQ-AUTO-00410; REQ-AUTO-00867; REQ-AUTO-00889; REQ-AUTO-00890; REQ-AUTO-00992; REQ-AUTO-00993; REQ-AUTO-00994; REQ-AUTO-00995; REQ-AUTO-00997; REQ-AUTO-00999 (showing 10 of 90)MediumInferred from Requirements
Diagnostic securitySecure diagnostics; Authentication; Authorization; Logging and auditreq-6.20; REQ-AUTO-00282; REQ-AUTO-00290; REQ-AUTO-00299; REQ-AUTO-00310; REQ-AUTO-00315; REQ-AUTO-00318; REQ-AUTO-00350; REQ-AUTO-00370; REQ-AUTO-00372 (showing 10 of 30)MediumExplicit Requirement
AuthenticationIdentity and access control; Certificate lifecycle; Secure communicationREQ_SEC_0008; REQ-AUTO-00333; REQ-AUTO-00334; REQ-AUTO-00832; REQ-AUTO-00892; REQ-AUTO-00895; REQ-AUTO-00907; REQ-AUTO-00933; REQ-AUTO-00934; REQ-AUTO-00935 (showing 10 of 30)MediumExplicit Requirement
Certificate handlingKey and certificate management; Identity and access control; Secure communicationREQ-AUTO-00818; REQ-AUTO-00821; REQ-AUTO-00839; REQ-AUTO-00951; REQ-AUTO-00953MediumExplicit Requirement
Key managementCryptographic protection; Key and certificate managementREQ_SEC_0016; REQ_SEC_0019; REQ_UDS-0068; REQ_UDS-0070; REQ_UDS-0092; REQ-AUTO-00875; REQ-AUTO-00991; REQ-AUTO-01014; REQ-AUTO-01017; REQ-AUTO-01022 (showing 10 of 13)MediumExplicit Requirement
Logging and audit trailLogging and audit; Security monitoring and detectionREQ_SEC_0051HighExplicit Requirement
Backend and IT integrationBackend/cloud security; Secure update; Logging and auditREQ-AUTO-00081; REQ-AUTO-00090; REQ-AUTO-00091; req.10.5; REQ-AUTO-00101; REQ-AUTO-00104; req-5.10; req-6.4; REQ-AUTO-00112; REQ-AUTO-00114 (showing 10 of 209)MediumInferred from Requirements
Engineering toolingDevelopment and toolchain security; Compliance and evidence managementREQ-AUTO-00093; REQ-AUTO-00094; REQ-AUTO-00098MediumExplicit Requirement
Incident responseVulnerability and incident handling; Logging and auditREQ_SEC_0045HighExplicit Requirement
Secure software update and flash readinessSecure software update; Secure boot and platform integrity; Key and certificate managementREQ-AUTO-00203; REQ-AUTO-00290; REQ_UDS-0051; REQ-AUTO-00297; REQ-AUTO-00302; REQ-AUTO-00303; REQ-AUTO-00306; REQ-AUTO-00307; REQ-AUTO-00311; REQ-AUTO-00312 (showing 10 of 121)HighInferred from Requirements
Vulnerability managementVulnerability and incident handling; Compliance and evidence managementREQ_SEC_0002; REQ-AUTO-00051HighExplicit Requirement
Cybersecurity requirement handlingCompliance and evidence management; Vulnerability and incident handlingREQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005 (showing 10 of 18)HighExplicit Requirement
Security evidence and traceabilityCompliance and evidence management; Development and toolchain securityREQ-AUTO-00001; REQ_SEC_0001; REQ-AUTO-00005; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0007; REQ-AUTO-00076; REQ-AUTO-00150; REQ-AUTO-00172 (showing 10 of 47)MediumInferred from Requirements
Feature Open Points
  • REQ-AUTO-00006: Review possible noise/boilerplate contamination.
  • REQ_SEC_0040: Confirm whether this statement is a binding requirement.
  • REQ_SEC_0041: Confirm whether this statement is a binding requirement.
  • req-6.3: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00146: Review possible noise/boilerplate contamination.
  • Req.ID-Description-6.22.1: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00171: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00175: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00190: Confirm whether this statement is a binding requirement. | Clarify ambiguous or incomplete source wording.
  • REQ-AUTO-00246: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00249: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00250: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00272: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00278: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00279: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00284: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00292: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0051: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00294: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0051: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00298: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00317: Clarify ambiguous or incomplete source wording.
  • REQ-AUTO-00335: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00337: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00338: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0051: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00343: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00378: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00420: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00480: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00485: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00488: Review possible noise/boilerplate contamination.
  • REQ-AUTO-00492: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0003: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0004: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0006: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0007: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0008: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0010: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0014: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0015: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0016: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0017: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0020: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0339: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0340: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0341: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0023: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0025: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0030: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0032: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0033: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0036: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0037: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0038: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0041: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0045: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0049: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0051: Clarify ambiguous or incomplete source wording.
  • REQ_UDS-0305: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0306: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0316: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0328: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00563: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0073: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0074: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0078: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00588: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0345: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0346: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0347: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0348: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0349: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0093: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0259: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0094: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0095: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00629: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00634: Clarify ambiguous or incomplete source wording.
  • REQ_UDS-0103: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0104: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0105: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0107: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00652: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0113: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0114: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0116: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0117: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0118: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0120: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0295: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0123: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0134: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0135: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0136: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00704: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0163: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0167: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0169: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0208: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0209: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0215: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0217: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0218: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0220: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0221: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0222: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0339: Confirm whether this statement is a binding requirement.
  • REQ_UDS-0003: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00785: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00843: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00859: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00866: Review possible noise/boilerplate contamination.
  • REQ-AUTO-00880: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00932: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00947: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00988: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-00996: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-01013: Confirm whether this statement is a binding requirement.
  • REQ-AUTO-01056: Confirm whether this statement is a binding requirement.