Skip to content

Latest commit

 

History

History
38 lines (35 loc) · 2.51 KB

reference_material.md

File metadata and controls

38 lines (35 loc) · 2.51 KB

AVCDL Reference Material

The following is a list of material upon which the AVCDL is based.

Note: Each AVCDL document contains a list of references applicable to that document.

  1. Cybersecurity Maturity Model Certification (CMMC)
    https://www.acq.osd.mil/cmmc/docs/CMMC_ModelMain_V1.02_20200318.pdf
  2. Systems and software engineering - Software life cycle processes
    https://en.wikipedia.org/wiki/ISO/IEC_12207
  3. Systems and software engineering - System life cycle processes
    https://en.wikipedia.org/wiki/ISO/IEC_15288
  4. Secure Software Development for Autonomous Vehicles
    https://www.sae.org/standards/content/iso/sae21434.d1/
  5. Systems Security Engineering - Capability Maturity Model (SSE-CMM)
    https://www.iso.org/standard/44716.html
  6. Microsoft Security Development Lifecycle (SDL) - simplified implementation
    http://download.microsoft.com/download/F/7/D/F7D6B14F-0149-4FE8-A00F-0B9858404D85/Simplified%20Implementation%20of%20the%20SDL.doc
  7. NHTSA Cybersecurity Best Practices for the Safety of Modern Vehicles
    https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf
  8. Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
    https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf
  9. Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
  10. NICE Cybersecurity Workforce Framework (NCWF)
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181r1.pdf
  11. Secure Software Development Framework (SSDF)
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218-draft.pdf
  12. Static Analysis Results Interchange Format (SARIF)
    https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.pdf
  13. Systems Engineering Capability Maturity Model (CMM)
    https://resources.sei.cmu.edu/asset_files/TechnicalReport/1993_005_001_16211.pdf
  14. Software Package Data Exchange (SPDX®) Specification
    https://spdx.dev/wp-content/uploads/sites/41/2020/08/SPDX-specification-2-2.pdf
  15. Proposal for a Recommendation on Cyber Security
    https://unece.org/DAM/trans/doc/2019/wp29grva/ECE-TRANS-WP29-GRVA-2019-02e.pdf
  16. Guidelines on Minimum Standards for Developer Verification of Software
    https://www.nist.gov/system/files/documents/2021/07/13/Developer%20Verification%20of%20Software.pdf