I am happy to announce the release of IBM Engineering Lifecycle Management (ELM) Automotive Compliance 1.1, which is designed to be a fast path to implement the IBM ELM tools with engineering processes that help you meet your compliance obligations. This release introduces new guidance for compliance with the ASPICE for Cybersecurity standard and enhancements to the existing guidance for automotive standards like Automotive SPICE,  ISO-26262, UNECE WP.29/R155 and ISO/SAE 21434 for Cybersecurity.

Here’s a summary of what’s new:

Updates for ASPICE 4.0

These enhancements make it easier to align your engineering processes with the latest ASPICE 4.0 guidance and ensure your processes are aligned with cutting-edge engineering excellence. Key updates include:

1. New VAL.1 Validation process group for improving your system-level validation efforts: updated templates, reports, and Method Composer (MEC) process guidance.
2. Terminology changes introduced in ASPICE 4.0: refined MEC process, reports, attributes, enumerations, and artifact categories, ensuring alignment with the latest standard.
3. Process groups ACQ 12 and SUP.2 have been removed, aligning with ASPICE 4.0’s updated structure.

Introducing compliance for ASPICE for Cybersecurity

The Automotive Compliance solution now incorporates cybersecurity-related guidance from ASPICE for Cybersecurity Version 1.0 VDA into the existing scope of Automotive SPICE for the systems engineering processes. Key updates include the following:

1. Templates, reports, and MEC process have been updated to support the new ASPICE for cybersecurity process groups
   • SEC.1 Cybersecurity Requirements Elicitation
   • SEC.2 Cybersecurity Implementation
   • SEC.3 Risk Treatment Verification
   • SEC.4 Risk Treatment Validation
   • MAN.7 Cybersecurity Risk Management
2. The Automotive Compliance MEC process now has additional guidance on the adjacencies of MAN.7 with ISO 21434 TARA work products.

Enhancements for ISO 21434: Road vehicles – Cybersecurity

The improved Threat Analysis and Risk Assessment (TARA) calculator in Automotive Compliance simplifies and enhances your cybersecurity risk assessments. Key improvements include:

1. The improved calculator now computes additional values critical for determining the final Risk value of a Threat Scenario. The new calculations include:
   • Impact Rating of a Damage Scenario
   • Aggregate Impact Rating, Aggregate Attack Feasibility, and Attack Vector for a Threat Scenario
2. The calculator now computes Cybersecurity Assurance Levels (CAL) for cybersecurity goals, making it less error-prone. The CAL is derived using the Attack Vector and Aggregate Impact Rating of all associated Threat Scenarios
3. Additional guidance for performing a vulnerability analysis of potential problems and tying the process of managing vulnerabilities with the TARA process for analysis and assessment

With these enhancements, Automotive Compliance continues to help organizations adhere to regulatory requirements while unlocking value faster from best-in-class engineering practices. Explore how the new version of Automotive Compliance can accelerate your path to compliance and excellence.

Let us know what you think about our latest release.

Bhawana Gupta
Senior Product Manager, IBM Engineering