Infineon achieves ISO/SAE 21434 process certification

1 min read

Introduced by the United Nations Economic Commission for Europe (UNECE), the UN R155 regulation is intended to address cybersecurity in connected automobiles.

This regulation, which came into effect from July 2022, requires vehicle manufacturers to apply a security-by-design approach to their products and processes. To enable new vehicle sales in markets covered by the R155 regulation, the vehicle manufacturer must own a valid certificate of compliance for the cybersecurity management system (CSMS) applied to each vehicle type.

In order to achieve certification, vehicle OEMs are required to implement cybersecurity practices across the supply chain to reduce the overall risk of attack throughout the vehicle lifecycle - from initial concept to end-of-life.

To help customers achieve compliance with national and international cybersecurity regulations such as UN R155, Infineon Technologies has become one of the first semiconductor suppliers to achieve certification under ISO/SAE 21434, the new international standard for automotive cybersecurity management systems.

The certification for this standard was carried out by TÜV Nord. In addition, Infineon’s upcoming AURIXTC4xx microcontroller family features a new cybersecurity architecture and is expected to achieve product certification under the ISO/SAE 21434 standard.

Infineon’s ISO/SAE 21434-compliant CSMS applies to a wide range of Infineon products supporting automotive cybersecurity, including AURIX and PSoC microcontrollers, SEMPER Secure flash memories, and OPTIGA hardware security modules.

Following industry best practices, the CSMS covers information technology, manufacturing technology, and selected regional and regulatory environments.

Infineon’s threat monitoring system is able to actively analyse relevant vulnerability disclosures, and potential threats to Infineon security products and systems can be evaluated and mitigated based on an ISO/SAE 21434-compliant product security incident response process. These ISO/SAE 21434-compliant monitoring and incident response capabilities mean that Infineon and its customers will be able to work in close cooperation to rapidly identify and mitigate product security risks in compliance with risk management programs and relevant regulations.