NIST and automotive industry collaborate on new cybersecurity guidelines

Cybersecurity threats are on the rise. In response, the Automotive Industry Action Group (AIAG) has released the Cyber Security 3rd Party Information Security publication, which details cybersecurity guidelines for the automotive industry.

The idea for the guidelines came about when a manufacturer approached AIAG with concerns about the vulnerability of information shared across trading partners in the industry and recommended a uniform set of information security standards. The document was then created with information security leaders and industry executives.

The security strategies used in the publication are based on ISO 27002 controls and NIST Special Publications 800-53 and 800-171. NIST, the National Institute of Standards and Technology, was also involved in the creation of the cybersecurity document. Before collaborating with the automotive industry, NIST assisted in facilitating the benchmarking process for defense industry suppliers.

Protect your organization

No industry is immune to cyber attacks. The automotive industry is taking steps to strengthen its cybersecurity stance. The NIST Cybersecurity Framework (CSF), primarily aimed at critical infrastructure organizations, can be implemented by any organization in any part of the world. It is designed to help organizations manage their cybersecurity risks effectively by systematically organizing their cybersecurity activities and helping them stay on top of ever-evolving threats.

The CSF is also strongly focused on making sure that any cybersecurity measures taken are appropriate for the level of risk involved – in other words, ensuring that implemented measures are cost-effective.

Learn more about the ISO standards

The automotive industry looked to ISO 27002 to develop a uniform set of cybersecurity expectations. ISO 27002 is the international standard that supports the implementation of an information security management system (ISMS) based on the requirements of ISO/IEC 27001:2013. It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
