inCSMS is a tool product designed to serve the forward development process of automobiles, covering all requirements of ISO/SAE 21434. The platform extracts system functionalities from each chapter of ISO/SAE 21434 to ensure that OEMs can manage various cybersecurity activities and related deliverables required by the CSMS system. It meets the management requirements of R155 and GB standards and supports both domestic and international certification audits.
Product Functions
Security Process Management: Includes enterprise-level security systems, security organization management, security process definition, security goal management, and project risk management.
Security Asset Management: Manages vehicle models, EE architecture, H/SBOM, and asset import/export.
Security Vulnerability Management: Manages the vulnerability database, integrates external vulnerability databases, identifies vulnerabilities, and tracks vulnerability handling.
Incident Management: Interfaces with VSOC and manages incident handling processes.
Supplier Management: Manages supplier capabilities, activities, and monitors security quality.
Security Capability Management: Manages security standards interpretation, security requirements database, solution library, and security training.
System Management: Manages users, permissions, interfaces, and system logs.
Product Architecture
Product Advantages
Platform-based and Lightweight: The system uses a B/S architecture, compatible with various systems and hardware, with a modular design and Docker deployment.
Comprehensive Legal and Regulatory Coverage: Fully compatible with ISO 21434, "Technical Requirements for Vehicle Information Security," and R155 requirements. Covers the entire vehicle lifecycle, including concept, development, validation, production, operation, and scrapping.
High Efficiency: Enhances security management efficiency by integrating with external systems such as VSOC, vulnerability management platforms, and TARA tools. Automatically generates security compliance reports, reducing the cost of manual security processes. It provides a unified information security work platform, ensuring traceability of information.