Skip to content

Latest commit

 

History

History
95 lines (61 loc) · 5.83 KB

supply chain.md

File metadata and controls

95 lines (61 loc) · 5.83 KB

Supply Chain Material [PDF]

Overview

Cybersecurity within the supply chain is critical to the cybersecurity of the overall product. This page provides links to the supplier chain-specific AVCDL documentation.

Supplier-related Training Videos

A set of training videos complementing the written AVCDL supply chain documents. A list of the available videos can be found here.

Guidance Documents

The following diagram illustrates the relationship between the various supply chain-related documents within the AVCDL.

lifecycle creation flow

The following are some general supply chain-related materials.

Supply Chain Overview

This is an overview of how supply chain cybersecurity is addressed within the AVCDL.

Blog Post Turtles All the Way Down: Security at Every Level link
Guidance Understanding Supply Chain Interaction in an AVCDL Context link
Video AVCDL Supply chain overview link

Supplier Selection Documents

The following diagram illustrates the relationship between the various supplier selection-related documents within the AVCDL.

lifecycle creation flow

Note that the diagram is broken into three phases:

  • request for information (RFI)
  • request for quote (RFQ)
  • development / production / post-production

The following sections address the two phases specific to supplier selection.

Request For Information (RFI)

During the RFI phase, the supplier is asked to provide information used to determine their cybersecurity maturity and implemented processes.

Supplier Cybersecurity Disclosure Statement (AVCMDS)

This material covers how to complete the supplier cybersecurity manufacturer disclosure statement.

Blog Post AVCMDS: Autonomous Vehicle Cybersecurity Manufacturer Disclosure Statement link
Guidance Autonomous Vehicle Cybersecurity Manufacturer Disclosure Statement link
Template AVCMDS Worksheet template.xlsx link
Video AVCMDS link

Supplier Self-reported Cybersecurity Process Maturity (CMM)

This material covers how to complete the supplier cybersecurity process maturity assessment.

Blog Post Where are You at? Level Setting Supplier Cybersecurity Maturity link
Guidance Supplier Self-reported Cybersecurity Maturity Assessment link
Template AVCDL vendor CMM template.xlsx link
Video supplier maturity link

Vendor Process - AVCDL Product Mapping

This material covers how to map established supplier cybersecurity processes to their AVCDL counterparts.

Guidance Understanding Supplier Cybersecurity Process Mapping link
Template vendor process - AVCDL product mapping template.xlsx link
Video vendor process mapping link

Request For Quote (RFQ)

During the RFQ phase, the supplier and customer establish the responsibilities in the creation, deployment, operation, and decommissioning of the product the supplier provides.

Cybersecurity Interface Agreement (CIA)

Blog Post Yours, Mine, and Ours: The AVCDL and Cybersecurity Interface Agreements link
Guidance Understanding Cybersecurity Interface Agreements link
Template AVCDL Cybersecurity Interface Agreement template.docx link

Service Level Agreement (SLA))

Guidance Understanding Service Level Agreements in an AVCDL Context link