ISO/SAE 21434

Статті, гайди й товари, позначені тегом «ISO/SAE 21434» — об'єднаний перелік усіх матеріалів каталогу за цією темою.

Гайд користувача

Інженерія управління конфігураціями електросамоката як 34-та engineering axis: configuration-discipline meta-axis — ISO 10007:2017 + IEEE 828:2012 + SAE EIA-649C + DO-178C SCM + ISO 26262-8 + ITIL 4 + CMMI v2.0 + NIST SP 800-128

Інженерний deep-dive у configuration management (CM) engineering як 34-ту engineering axis і 7-му process meta-axis. Описує systematic discipline відповіді на питання «що саме встановлено у конкретному фізичному та цифровому продукті в конкретний момент часу, як ми це знаємо, як це змінити контрольовано, і як це довести postfactum?». Покриває: ISO 10007:2017 *Quality management — Guidelines for configuration management* (non-prescriptive guidance над усіма іншими CM standards, aligned з ISO 9001:2015); IEEE 828-2012 *Standard for Configuration Management in Systems and Software Engineering* (вимоги до CM processes, CM Plan structure, minimum activities); SAE EIA-649C:2019 *Configuration Management Standard* (5 CM функцій + 37 principles, національний consensus standard); SAE EIA-649-1A:2020 *Configuration Management Requirements for Defense Contracts*; DO-178C airborne software SCM (Section 7 + Table A-8 з 6 SCM objectives applicable до software level A/B/C/D); ISO 26262-8:2018 automotive functional-safety supporting processes (clause 7 configuration management + clause 8 change management + clause 9 verification + clause 10 documentation); ITIL 4 *Service Configuration Management* practice + CMDB (Configuration Management Database) + CMS (Configuration Management System); CMMI v2.0 *Configuration Management* practice area (2 capability levels); NIST SP 800-128 *Guide for Security-Focused Configuration Management of Information Systems* (SecCM); MIL-STD-973 (cancelled 2000) + MIL-STD-3046 (interim, US Army); ISO/IEC/IEEE 24765:2017 vocabulary; CM principal artifacts (CMP / configuration item / configuration baseline / change request / CCB / SCAR / FCA / PCA); CM concepts (identification / change control / status accounting / verification + audit / build management / release management); e-scooter-specific concerns (firmware versioning BMS + ESC + display controller + companion app + OTA update integrity, BOM revisions + part interchangeability matrix, serial number / lot number → BOM revision lookup, recall management workflow per NHTSA + EU Safety Gate + UK PSD, TSB (Technical Service Bulletin) lifecycle, software bill of materials SBOM per NTIA + EO 14028 + EU CRA Annex I § 1.2.f). 33-row cross-axis matrix мапить CM concept до кожної з 33 попередніх engineering axes (battery cell lot traceability + brake pad compound revision + motor stator winding revision + tire compound revision + EMC pre-compliance vs production unit + cybersecurity firmware signing + DPIA-relevant data processor changes + V&V test report revision); 8-step DIY owner CM «tells» checklist (firmware version visibility in display / app + serial-number stickers location + BOM revision letter on PCB silkscreen + recall lookup capability via VIN/serial + service manual revision date + warranty BOM verification + change-log discipline of OTA updates + spare-part interchangeability documentation).

21.05.2026 15 хв читання

Гайд користувача

Інженерія кібербезпеки електросамоката: ETSI EN 303 645 V3.2.0:2024-12 baseline (13 provisions для consumer IoT — no default password, vulnerability disclosure RFC 9116, secure update, secure storage, secure communication), ISO/SAE 21434:2021 road-vehicle cybersecurity engineering (TARA threat analysis + risk assessment), ISO/SAE 24089:2023 software update engineering, UNECE R155 CSMS (Cybersecurity Management System) обов'язковий для type-approval нових типів з 07-2022, UNECE R156 SUMS (Software Update Management System), EU Cyber Resilience Act 2024/2847 (Regulation 2024-10-23, applicability 2027-12-11 + reporting obligations 2026-09-11), NIST SP 800-193:2018 Platform Firmware Resilience Guidelines (Protection-Detection-Recovery RoT), NIST SP 800-183 IoT Networks of Things, IEC 62443-4-1/-4-2 secure product development lifecycle, Bluetooth Core 5.4 LE Secure Connections з ECDH P-256 (заміна Just Works як baseline), IEEE 802.11i WPA3-Personal SAE Dragonfly key exchange, RFC 9116 security.txt responsible-disclosure, attack surface (BLE pairing Just Works/Numeric Comparison/Passkey Entry/OOB, Bluetooth protocol attacks KNOB CVE-2019-9506 + BIAS CVE-2020-10135 + BLURtooth CVE-2020-15802 + BLESA CVE-2020-9770, firmware via JTAG/SWD/USB DFU, motor controller CAN bus, mobile app↔cloud TLS, OTA update channel signing, GPS spoofing, smart-battery BMS handshake, hardware UART debug eFuse), mitigation (LE Secure Connections ECDH P-256 + mutual TLS certificate pinning + secure boot signed bootloader + signed firmware AES-256 + anti-rollback monotonic counter + HSM/secure element ATECC608B/NXP A1006/SE050 + SBOM SPDX CycloneDX + RFC 9116 security.txt + Coordinated Vulnerability Disclosure ISO/IEC 29147:2018 + penetration testing ISTQB), incidents (Xiaomi M365 BLE anti-lock bypass 2019 Zimperium Rani Idan, Lime BLE replay attack 2019, Bird/Lime API IDOR 2020, Ninebot ES1/ES2/ES4 BLE pwd 888888 vulnerability, Tier/Voi unauthorized unlock 2022, hoverboard CVE catalogue 2018)

Інженерний deep-dive у кібербезпеку електросамоката як четверта cross-cutting infrastructure axis — паралельна до [інженерії різьбових з'єднань як joining-axis](@/guide/fastener-and-bolted-joint-engineering.md), [термоменеджменту як heat-dissipation axis](@/guide/thermal-management-engineering.md) і [EMC/EMI як interference-mitigation axis](@/guide/emc-emi-engineering.md). Покриває: 10-row standards matrix (ETSI EN 303 645 V3.2.0:2024-12 consumer IoT baseline, ISO/SAE 21434:2021 road-vehicle TARA, ISO/SAE 24089:2023 SW update engineering, UNECE R155 CSMS, UNECE R156 SUMS, EU CRA 2024/2847, NIST SP 800-193 firmware RoT, IEC 62443-4-1 secure SDLC, Bluetooth Core 5.4 LE Secure Connections, IEEE 802.11i WPA3-SAE); 7-row attack-surface matrix (BLE pairing методи + KNOB/BIAS/BLURtooth/BLESA + firmware JTAG/SWD/DFU + mobile↔cloud TLS + OTA signing + GPS spoofing + smart-battery handshake); 6-row mitigation matrix (LE Secure Connections + mutual TLS + secure boot + signed firmware + anti-rollback + HSM/SE); 6-row real-incident matrix (Xiaomi M365 2019 + Lime BLE 2019 + Bird IDOR 2020 + Ninebot pwd 888888 + Tier/Voi 2022 + hoverboard catalogue); 8-step DIY security check; 6-step DIY remediation; EU Cyber Resilience Act timeline (2024-12-10 entry into force, 2026-09-11 reporting obligations, 2027-12-11 full applicability); 16 нумерованих розділів.

20.05.2026 17 хв читання

Гайд користувача

Інженерія програмного забезпечення і прошивок для embedded ECUs електросамоката як 29-та engineering axis: UN R156 SUMS + ISO/SAE 21434 + Automotive SPICE 4.0 + MISRA C:2023 + ISO 26262-6:2018 + AUTOSAR Classic R23-11 + ISO/IEC/IEEE 12207:2017 + ISO/IEC/IEEE 29148:2018 + ISO/IEC 25010:2023 + CISA SBOM Minimum Elements + CWE/CVE + CVSS v4.0

Інженерний deep-dive у software & firmware engineering як 29-ту engineering axis і дванадцяту cross-cutting infrastructure axis — описує, як firmware embedded ECUs e-самоката (motor controller + BMS + dashboard + IoT gateway + charger MCU) розробляється під MISRA C:2023, валідується через Automotive SPICE 4.0 V-model + SWE.1–SWE.6 + SYS.1–SYS.5 + HWE.1–HWE.4 + MLE.1–MLE.4, OTA-оновлюється під UN R156 SUMS (L-category mandate: Dec 2027 new types / June 2029 existing types), трасується через ISO/IEC/IEEE 12207:2017 software lifecycle 30 processes у 4 групах (Agreement + Organizational Project-Enabling + Technical Management + Technical), документується через SBOM per CISA Minimum Elements 2025 (Supplier + Component + Version + Unique-IDs + Dependencies + Author + Timestamp + Hash + License + Tool + Generation-Context) у форматах SPDX 2.3 + CycloneDX 1.6, версіонується через ISO/IEC 25010:2023 product quality model 8 characteristics, кваліфікується tool-chain'ом per ISO 26262-8 Clause 11 (TCL1/TCL2/TCL3 + TD1/TD2/TD3), і моніториться через CWE Top 25 + CVSS v4.0 (Base + Threat + Environmental + Supplemental). 18 нумерованих розділів.

20.05.2026 15 хв читання