2025 Stuttgart International Symposium
on Automotive and Engine Technology

3 - 4 July 2025

Session: Connected Vehicle | 09:30 - 10:00

Cyber Security Approval Criteria: Application of UN R155

Mona Hellstern, University of Applied Sciences Karlsruhe

The UN R155 regulation is the first automotive cyber security regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval. As a result, the application of the regulation presents manufacturers and suppliers with the challenge of demonstrating compliance. At process level, the implementation of a Cyber Security Management System (CSMS) is required, while at product level the Threat Assessment and Risk Analysis (TARA) forms the basis for identifying relevant threats and corresponding mitigation strategies. Overall, an issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient. However, as security engineering according to ISO/SAE 21434 follows a risk-based approach, there are currently no uniform assessment criteria at product level. In response to this challenge, the paper analyzes the existing security concepts of the automotive security standard ISO/SAE 21434 and the Information Technology Security Evaluation Standard ISO 15408 (Common Criteria) and thereby provides an insight into the state of the art of security evaluation methods. The overall objective is to derive applicable assessment criteria and recommendations for the UN R155 approval while taking into account relevant security properties that help to decide on the sufficiency of security measures. These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cyber security in the context of vehicle type approvals.