Current SAE J3061_202112
Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (Stabilized: Dec 2021)
Publication date: 2021-12-15
This recommended practice provides guidance on vehicle Cybersecurity and was created based off of, and expanded on from, existing practices which are being implemented or reported in industry, government and conference papers. The best practices are intended to be flexible, pragmatic, and adaptable in their further application to the vehicle industry as well as to other cyber-physical vehicle systems (e.g., commercial and military vehicles, trucks, busses). Other proprietary Cybersecurity development processes and standards may have been established to support a specific manufacturer's development processes, and may not be comprehensively represented in this document, however, information contained in this document may help refine existing in-house processes, methods, etc.

This recommended practice establishes a set of high-level guiding principles for Cybersecurity as it relates to cyber-physical vehicle systems. This includes:

- Defining a complete lifecycle process framework that can be tailored and utilized within each organization's development processes to incorporate Cybersecurity into cyber-physical vehicle systems from concept phase through production, operation, service, and decommissioning.
- Providing information on some common existing tools and methods used when designing, verifying and validating cyber-physical vehicle systems.
- Providing basic guiding principles on Cybersecurity for vehicle systems.
- Providing the foundation for further standards development activities in vehicle Cybersecurity.

The appendices provide additional information to be aware of and may be used in helping improve Cybersecurity of feature designs. Much of the information identified in the appendices is available but some experts may not be aware of all of the available information. Therefore, the appendices provide an overview of some of this information to provide further guidance on building Cybersecurity into cyber-physical vehicle systems. The objective of the overviews is to encourage research to help improve designs and identify methods and tools for applying a company's internal Cybersecurity process.

- Appendices A-C - Describe some techniques for Threat Analysis and Risk Assessment, Threat Modeling and Vulnerability Analysis (e.g., Attack Trees) and when to use them.
- Appendices D-I - Provide awareness of information that is available to the Vehicle Industry.
- Appendix D - Provides an overview of sample Cybersecurity and privacy controls derived from NIST SP 800-53 that may be considered in design phases.
- Appendix E - Provides references to some available vulnerability databases and vulnerability classification schemes.
- Appendix F - Describes vehicle-level considerations, including some good design practices for electrical architecture.
- Appendix G - Lists current Cybersecurity standards and guidelines of potential interest to the vehicle industry.
- Appendix H - Provides an overview of vehicle Cybersecurity-related research projects starting from 2004.
- Appendix I - Describes some existing security test tools of potential interest to the vehicle industry.

Refer to the definitions section to understand the terminology used throughout the document.