Where is the System Modeling in ISO21434?

The DIS of ISO21434 uses the term “item” for the target system under evaluation. The term is used consistently with ISO26262, which is the safety equivalent of ISO21434.

According to section 9.3 of ISO21434, the item definition describes the item, its environment and their interactions. It includes the item boundary, its function and preliminary architecture. Furthermore, it contains information on the operational environment, constraints and compliance needs (such as implemented standards) and assumptions about the item and the operational environment.

In practice, security analysts commonly need to create their own system model based on interviews with the technical architects, because the available documentation does not contain the security-relevant information. As such, the item definition may be seen as a necessary step at the beginning of any TARA.

What now?

