NMFTA Telematics Security Requirements Matrix
Type | Level | UID | REFS | Title | Statement | Rationale | Comment | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Text | These recommended security requirements are intended to be informative, not directional in nature. While all reasonable steps have been taken to ensure that the recommendations are well-supported by our research and third-party verification, NMFTA and the parties contributing to these recommendations do not accept liability or responsibility for any damage or harm incurred as a result of actions taken based upon these recommendations. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 1 |
Acknowledgements
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | We would like to acknowledge the contributions of DOT/Volpe Center and the members of the Cybersecurity Requirements for Telematics Systems working group. At the time this report was published, named participants included Derek Held of Zonar Systems, several representatives from Geotab, Altaz Valani of Security Compass, Mark Zachos, President of DG Technologies, Richard M. Litwinczuk, Senior Cybersecurity Engineer, Land Cyber Mission Assurance Program DND, Jacob D'Aoust, Junior Researcher, DeepMicro Limited. The working group benefited greatly from the contributions of several other fleet managers and telematics service providers (TSPs) who wish to remain anonymous. The authors would also like to acknowledge the contributions of the NMFTA Request for Proposal Contract Template Language (RFPCTL) working group. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 2 |
List of Abbreviations
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 3 |
Foreword
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | After the US DOT/Volpe published “Telematics Cybersecurity Primer for Agencies” in June 2017, we wanted to create resources for use by our motor freight carrier members to procure new telematics systems such as Electronic Logging Devices (ELD). Starting with the telematics cybersecurity controls and recommendations made by the Primer, a working group was assembled to complete a detailed list of testable cybersecurity requirements for all the components of a telematics system. We are fortunate to have been able to collaborate with DOT/Volpe and to see the efforts of the working group come to fruition through the publication of this report, which is a natural refinement of the security controls defined in the Primer. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 4 |
Preface
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | THE INFORMATION CONTAINED HEREIN IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE INFORMATION IS WITH THE USER. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 5 |
Executive Summary
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | The purpose of this document is to provide government agency Fleet Managers and private industry stakeholders (e.g. TSPs, carriers, OEMs, Tier 1 suppliers, and others) responsible for the selection and procurement of Telematics, Fleet Management Information Systems (FMIS) and/or ELDs with situational awareness of potential cybersecurity risks of deploying such systems. This report also delivers a comprehensive list of cybersecurity requirements that should be satisfied by all components of a Telematics, Fleet Management Information System (FMIS) and/or Electronic Logging Devices (ELD), including validation steps for federal agencies and private industry stakeholders when deploying such systems. The audience for this report is the agencies and private industry stakeholders responsible for the selection and procurement of Telematics, Fleet Management Information Systems (FMIS) and/or ELDs, as was the case in the previously released “Telematics Cybersecurity Primer for Agencies” report. The working group believes that any stakeholder that must procure Telematics, FMIS and/or ELDs will also find the requirements outlined in this document relevant. The complete list of requirements outlined in Appendix A will remain a living document which can respond to feedback from industry and technical experts. The requirements are hosted at https://github.com/nmfta-repo/nmfta-telematics_security_requirements and readers are encouraged to check there for updates to, and to offer feedback on, the requirements. The comprehensive list of cybersecurity requirements for Telematics, FMIS and/or ELDs presented here was developed in collaboration with a diverse working group. The requirements are prioritized and include references to public authoritative sources containing more information, should the reader require additional details. The complete listing will provide purchasers with sufficient information to prioritize the need for cybersecurity in the Telematics, FMIS and/or ELD as well as validate the presence of the controls upon delivery of a system. It is the recommendation of the working group that agencies and private stakeholders use these cybersecurity requirements when procuring new Telematics, FMIS and/or ELDs as well as when evaluating their current systems when the need to evaluate cybersecurity arises. The working group continues to refine the requirements and the reader is encouraged to visit https://github.com/nmfta-repo/nmfta-telematics_security_requirements to obtain the most up-to-date copy of the requirements, which is also available in a supplier questionnaire format. The site should also be used to give feedback to the working group on ways that the requirements can be further refined. It is NMFTA’s recommendation that motor freight carriers use these requirements as a natural successor to “Telematics Cybersecurity Primer for Agencies.” The complete list of cybersecurity requirements can be found in Appendix A. Requirements are prioritized for use by stakeholders via a Criticality field to encourage adoption incrementally. These requirements are presented for all the components of a Telematics, FMIS and/or ELD: Vehicle Connection, Connectivity/Communications, Mobile App, and Cloud or Back-end and must be taken in their entirety for any assurances of cybersecurity to be realized. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 6 |
Introduction
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | The deployment of Telematics, FMIS and/or ELDs in motor vehicles is pervasive today. As with any Information System (IS), it is the owner/operator of that system who bears the responsibility for managing the security of that system. This includes security of the information being collected, managed and stored, but also the security of the assets being monitored which – if not considered in procurement – could have their security posture worsened by the introduction of a Telematics, FMIS and/or ELD. In the case of agencies as the owners of an IS, their responsibility is detailed in the Federal Information Security Management Act of 2014[^1]. A core objective of this document is to provide information to owners of Telematics, FMIS and/or ELDs in the phases of procurement of these systems so they can manage risks to security. An additional objective is to provide comprehensive cybersecurity requirements that can be consulted by the owner and potential vendors to provide sufficient information that can prioritize the needs for cybersecurity in the Telematics, FMIS and/or ELD and validate the presence of the controls upon delivery of the system. The approach taken to create this list included consultations with many authoritative sources of cybersecurity controls and then mapping them to the components of a Telematics, FMIS and/or ELD. To do this, the report considers a simplified model of a Telematics, FMIS and/or ELD. The four components of such a simplified system are broken down by Vehicle Connection, Connectivity/Communications, Mobile App, and Cloud or Back-end and are depicted in the figure below: ![]() The Cybersecurity Requirements for Telematics Systems matrix uses the following terms for the components of a Telematics, FMIS and/or ELD:
A goal of the working group was to ensure that stakeholders who procure equipment could also be capable of verifying that the equipment satisfies cybersecurity requirements. Therefore, each requirement includes a validation step which is intended to be executed by the purchaser. In some cases, the verification of the cybersecurity requirement requires more specialized knowledge than is reasonable to expect the purchaser to have. In these few cases, the validation steps recommend consulting a 3rd party report. In recognizing that implementing cybersecurity for systems is an ongoing process for which there are rarely enough resources, each requirement has been each assigned a ‘criticality.’ These criticalities can be used to prioritize implementation by vendors or selection of vendors by purchasers. We have avoided any requirements that are novel or otherwise unique in favor of referencing publicly available authoritative sources; at the time of drafting this report the authoritative references include:
Additional authoritative sources will be included in future versions of this report. With regards to the FMCSA report "Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems into Heavy Vehicles" reference which is included in the references: the Cybersecurity Requirements for Telematics Systems Requirements matrix is aligned with the guidelines recommended by the FMCSA in their report. However, there are some differences between the audiences of the FMCSA report and the Cybersecurity Requirements for Telematics Systems Requirements matrix and also some requirements in the matrix which do not have a corresponding guideline in the FMCSA report. For more details on these topics please see the NMFTA bulletin on the FMCSA "Cybersecurity Best Practices for Integration/Retrofit of Telematics and Aftermarket Electronic Systems into Heavy Vehicles." |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 7 |
Cybersecurity Requirements for Telematics Systems Matrix Description
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | Each requirement captured is augmented with Criticality, Verification Steps, Public Requirements References, etc. A sample requirement is shown below: ![]() The example requirement above demonstrates the form in which each requirement is presented in Appendix A. UID shows a unique value assigned to the requirement for easy reference CATEGORY groups like requirements together CRITICALITY assigns a ‘priority’: a recommendation to the purchaser for each requirement:
CHILDREN Captures the applicable component categories; shows to which of the components of the Telematics, FMIS and/or ELD that this requirement applies by listing the child requirements that are specific to Cloud, Connectivity, Mobile, or Vehicle Connection components. PUB_REFS Captures the public requirements references / descriptions from external authoritative requirements as were known to the working group at the time of this draft. These references are included so that
STATEMENT Shows the requirement as it applies to the components of a Telematics, FMIS and/or ELD. The working group made every effort to make these requirements shorter and more succinct than the authoritative external references. VERIFICATION shows the steps which can be executed by purchasers to confirm that a given Telematics, FMIS and/or ELD satisfies this requirement. There are several cases where the working group does not expect that purchasers will perform their own verification. Where it is recommended that either a third party be engaged to provide an analysis which can be used by the purchasers to verify vendor claims, or that the vendor perform a demonstration that the requirement is satisfied which can be observed and confirmed by the purchaser. In such cases, rationale will be given. Due to the costly nature of delegating to a third party or of preparing a demonstration, this will only be recommended in cases where the requirement has been listed as having high Criticality. Because of the high Criticality of these requirements, it would be ideal to verify them relying on both a third party and a demonstration; the recommendation of the working group is that one or the other is sufficient.
COMMENT Shows comments or notes from the working group. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 8 |
Questionnaire Description
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | This project available in a supplier questionnaire format, one sheet for each of Vehicle Connection, Connectivity/Communications, Mobile App, and Cloud or Back-end. ![]() These questionnaires can be sent in request to vendors to evaluate each of the applicable components of a telematics system that is being procured. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 9 |
Recommendations and Conclusions
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | The working group has produced the comprehensive list of cybersecurity requirements for Telematics, FMIS and/or ELDs found in Appendix A. These requirements are prioritized via Criticality and assigned to one or more components in a generic Telematics, FMIS and/or ELD. They also include references to public, authoritative sources for more details on the requirement for the benefit of additional understanding on the part of the purchaser and vendor. The working group recommends that federal agency fleet managers and private industry stakeholders use these requirements when procuring new Telematics, FMIS and/or ELDs, as well as when evaluating their current systems when the need to evaluate cybersecurity arises. It is NMFTA’s recommendation that motor freight carriers use these requirements as a natural successor to “Telematics Cybersecurity Primer for Agencies.” The requirements contained in this report complete several key areas which are missing in the Primer. The working group continues to refine the requirements and the reader is encouraged to visit https://github.com/nmfta-repo/nmfta-telematics_security_requirements to obtain the most up-to-date copy of the requirements, which is also available in a supplier questionnaire format. The site should also be used to give feedback to the working group on ways that the requirements can be further refined. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 10 |
Appendix A
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Text | In this section the reader will find all of the requirements of the TSRM. The latest version can be found at https://github.com/nmfta-repo/nmfta-telematics_security_requirements |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AA-010 | Children: | The vendor's system shall record event and system logs |
Ideally the logs are immutable, backed up, and retained for a certain period of time | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-010 | Children: | Vendor devices will implement least privilege for the memory spaces of processes handling protected data. i.e. data in-use, of the categories of sensitive protected data above, or shall be segmented from software components which do not handle such data. Acceptable segmentations include Mandatory Filesystem Access Controls and Mandatory Volatile Memory Access Controls. |
e.g. a Linux system with MAC configured to deny access to the processes dealing with protected data and also denying debugger access to the memory space of those processes. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-020 | Children: | All actions taken by the vendor's telematics system that are capable of supporting access controls shall be configured such that each user account or process/service account are assigned only the minimal privileges required to perform the specific, intended, actions of the user or process/service account. |
This principle underpins system security | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-030 | Children: | The vendor's system shall employ cryptographic authentication to prevent unauthorized access to telematics systems and data. |
Identity management is critical e.g. PINs, single-sign on with carrier’s identity provider (SAML or other), vendor managed identity provider (SAML or other) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-040 | Children: | The vendor shall identify all instances where the telematics system includes actions that cannot support access authentication and/or execute with elevated privileges |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-041 | Children: | Identifying information about the connected devices will not be made available without authentication first. |
e.g. it should not be possible to identify the device type nor firmware version by port scanning a connected device. Also, it should not be able to determine that a vehicle is operational or not via non-authorized connections. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-050 | Children: | All remote access methods and possible remote actions to/on telematics system shall be documented. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-060 | Children: | For all components of the system, the vendor shall provide a listing of all wireless communication interfaces to the system and specify how the interfaces can be configured and/or disabled. |
e.g. Bluetooth, cellular, satellite, Wi-Fi hotspot, Wi-Fi client, infrared, NFC, RFID | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-061 | Children: | The vendor shall not use any deprecated encryption+authentication on any Wi-Fi interface of the device. At the time of drafting this includes WEP, WPS or open/none. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-062 | Children: | The vendor shall implement, for all Bluetooth interfaces, pairing that must be specifically allowed by physical controls on the device and be time-limited. Furthermore, pairing will not use legacy pairing or passkey entry. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-063 | Children: | Any and all software or firmware implementing wireless interface encrytion+authentication (those satisfying AC-061 and AC-062 above) will be prepared for future deprecation of methods. i.e. That software/firmware is upgradable. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-070 | Children: | Authentication attempts to the vendor’s devices and backends shall be rate-limited to an industry accepted rate. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | AC-080 | Children: | All authentication offered on device-local interfaces shall expect credentials which are unique to each device instance and uncorrelated to any and all public information about the device. |
This requirement applies to many common facilities found on devices. e.g. local management portals, local Wi-Fi access points, Bluetooth pairing codes, local ssh servers, local serial console logins | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CM-010 | Children: | All components of the vendor's system shall be configured to utilize the principle of least functionality and use only the services necessary for secure operations of the system. Additionally, customers should have the option of disabling any features they do not want or do not need by having unnecessary services’ executables removed or at least disabled such that their execution (by even superuser) is not possible in deployed systems. |
E.g. this is particularly true of unauthenticated or unencrypted transport services (which would not satisfy protected communication requirements above) such as File Transfer Protocol, telnet, Short Messaging Service, etc. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CM-020 | Children: | The vendor’s devices shall have all services used for troubleshooting disabled or properly protected from unauthorized access and use. |
Deploying with test or debug facilities enabled is egregious | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CM-030 | Children: | Vendor ensures that any and all interfaces used for testing or debug are unavailable in production builds of the devices |
Deploying with test or debug facilities enabled is egregious. Functionality that allows for the direct execution of scripts or commands by the device or system can often be exploited by a malicious party and therefore must be disabled. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CM-040 | Children: | The vendors’ devices shall have a default system configuration that ensures security ‘out of the box’. In other words, the default configuration should be the most-secure and any additional features should be disabled by default and have their security implications communicated in documentation. |
Sufficient customer guidance should be provided to allow for that customer to understand the risks associated with enabling any insecure features of the device. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | IA-010 | Children: | All remote hosts of the vendor's system shall be configured to uniquely identify and authenticate all other remote hosts of the system and/or any other interfacing systems. |
e.g. that a remote system authenticate the other remote parties by referring to the unique identifiers using mutually authenticated TLS | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | IA-020 | Children: | Any authenticators (unique identification) for devices used in vendor’s systems shall be uncorrelated to any and all public information about the device, e.g. lot number, product number, serial number MAC address are all unacceptable inputs to device identifiers. Where public information is any information that is visible (externally or internally) on the device or discoverable by searches based on that visible information. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | IA-030 | Children: | Cryptographic modules used in the vendors system shall be compliant with Federal Information Processing Standards (FIPS) 140-2: Level 1. |
e.g. • For each attempt to use the authentication mechanism, the probability shall be less than one in 1,000,000 that a random attempt will succeed, or a false acceptance will occur (e.g., guessing a password or PIN, false acceptance error rate of a biometric device, or some combination of authentication methods) • For multiple attempts to use the authentication mechanism during a one-minute period, the probability shall be less than one in 100,000 that a random attempt will succeed, or a false acceptance will occur • Feedback of authentication data to an operator shall be obscured during authentication (e.g., no visible display of characters when entering a password). • Feedback provided to an operator during an attempted authentication shall not weaken the strength of the authentication mechanism | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | IR-010 | Children: | The vendor shall have a documented incident response plan (IRP) in place which provides the carriers with a point of contact for components used within their telematics system |
TSPs must demonstrate this level of maturity to be trusted with business critical functions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-010 | Children: | The vendor shall have procedures in place to ensure that components outside of the carrier’s direct control are not updated or modified without prior coordination and approval by an organization-defined individual or role |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-020 | Children: | The vendor shall have procedures in place to test backup restoration processes of their own systems and their own facilities on at least an annual basis. |
TSPs must demonstrate this level of maturity to be trusted with business critical functions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-030 | Children: | The vendor must have a disposal of goods policy which covers the management of all computer equipment and storage media dealing with customer information including but not limited to PII and customer business operations data. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-031 | Children: | The vendor's disposal of goods policy must forbid disposal in skips, dumps or landfills until it has been processed to purge or clear previously stored information. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-032 | Children: | The vendor's processes to remove previously stored information must include acceptable processes for magnetic media, solid-state media, printers, scanners, laptops, smartphones, server and desktop computers. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | M-040 | Children: | Vendors must provide manual backup/override capabilities to their safety related services to ensure that any failure of the device does not result in a safety issue. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | P-010 | Children: | The vendor shall have a System Security Plan (SSP) which details a clear and concise understanding of authorization boundaries of the telematics system. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | P-020 | Children: | The vendor shall have a documented Information Security Architecture (ISA) for the telematics system. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | P-030 | Children: | The vendor shall provide interfaces to their backend using the Open Telematics API -- enabling carriers to have failover to other providers to avoid interruptions due to single point of failure in provider telematics services. |
Telematics is business critical to the carriers, failover is needed for this service | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | PS-010 | Children: | The vendor shall have personnel security policies & procedures, position risk categorization, personnel screening, personnel termination, personnel transfer, access agreements and third-party personnel security. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | RA-010 | Children: | Vendor shall have risk assessments conducted at an industry accepted rate. Resulting risk assessment documentation should include all components and the overall system that is within the vendor's control. The rate suggested is twice per product release; both at product design and at integration phases |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | RA-020 | Children: | The vendor shall use the results of risk assessments to influence systems development and processes. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SAA-010 | Children: | The vendor shall have an Information Security Management Plan (ISMP). |
Sometimes referred to as ISMS as in ISO/IEC 2700. May include any of the following: System interconnections, System monitoring plan, Vulnerability management plan, Incident response plan (see IR-010 for authoritative requirement), System Security Plan (SSP) or System Security , Authorization Agreement (SSAA), Contingency Plan, Contingency Plan Test Results, Federal Information Processing Standards (FIPS) 199 Categorization, Privacy Threshold Analysis (PTA), E-Authentication, Security Test and Evaluation (ST&E) Plan, Plan of Action and Milestones (POAM), Annual Self-Assessments | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SAA-020 | Children: | The vendor shall have penetration testing performed, to an industry accepted best practice, at an industry accepted pace. Penetration testing can be performed by teams internal to the TSP; industry best practice is to have external pentesting performed periodically also. |
Periodic pentesting keeps everyone honest | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SAA-030 | Children: | Vendor shall have Security Testing and Evaluation (ST&E) of the system and/or components that includes all results of the security testing and evaluation, including discovered vulnerabilities and a plan/process to mitigate discovered vulnerabilities or weaknesses in the system. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SAA-040 | Children: | The vendor shall perform due diligence to ensure its suppliers also meet the vendor's security requirements |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SAA-050 | Children: | Cryptographic keys used in the vendors’ systems must be generated, stored and managed according to industry best practice. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-010 | Children: | Communication paths that traverse outside controlled boundaries must protect confidentiality and integrity of data |
Underpins device functionality and security. Naive implementations of TLS clients could still be susceptible to replay and MiTM attacks. The default configuration must be secure in order to prevent downgrade attacks. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-011 | Children: | Communication path cryptographic protections must not use identities, keys or shared secrets which are common across multiple deployed devices |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-020 | Children: | Measures will be taken by vendors to protect the confidentiality of any information at rest on the devices that could be interpreted as Sensitive and/or Personally Identifiable Information. This sensitive information is defined in SCP-030 where ‘at rest’ is understood to mean any state where the data is in a non-volatile storage medium, e.g. eMMC not RAM. |
Failing to adequately protect PII can incur large fines Logs and error messages must not expose PII without authentication. e.g. this applies also to apps on mobile where data is cached until it can be synced to other vehicle-connected devices. This data must be encrypted as per this requirement. NB: ideally these systems should be designed to minimize the collection of PII. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-030 | Children: | Vendors will supply documentation detailing what data is and is not protected at rest by cryptography. Vendors are encouraged to expand the list of categories of data which will be protected on-device. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-040 | Children: | Data of the categories above will be protected using cryptographic keys which are not correlated to any public information about the devices. Public information is any information that is visible (externally or internally) on the device or discoverable by searches based on that visible information. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-050 | Children: | All customer-related data will be logically segmented (e.g. encrypted with segmented keys) such that it is possible to produce all data related to one customer without inadvertently exposing any data of any others. |
Otherwise could cause PII breaches and incur strong penalties | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-060 | Children: | The vendor shall enforce controls integrated into the telematics device to limit the possible commands and data transmitted to the vehicle network. |
Vehicle network protection is paramount | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-090 | Children: | The vendor's system shall implement protection of communications sessions against attacks including session hijacking and traffic manipulation. Where a session is understood to mean a time-limited authenticated login with the cloud/back-end. Sessions shall be invalidated at logout. Sessions must be randomized and uniquely identified. Protections must be implemented to restrict certificate authorities to a short (maximum 3) list of those expected by the vendor, i.e. secure communications must implement certificate pinning to a short whitelist of certificate authorities. Certificate pinning shall be implemented on all telematics device to server communications (e.g. telematics gateways or IVGs). Administrative ‘backend’ systems may be exempt from this requirement to allow for stream inspection by enterprise intrusion detection systems. |
Confidentiality and integrity of communication underpins the security of the system Certificate pinning in clients -- when combined with the other requirement for e.g. fail-over – could result in extra complications and so functional testing of fail over should be performed. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-091 | Children: | The vendor shall implement checks for expired certificates and ensure the ability to remove trust in any given root certificate authority from their systems and devices PKI implementations. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-092 | Children: | The vendors’ systems shall implement protection of remote communication sessions by implementation of an inactivity timer that disconnects / de-authenticates the user after no more than 5 minutes of inactivity. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-100 | Children: | The vendor's system shall separate execution domains and/or processes (i.e. process isolation within both the telematics device and back-end system and between the serial communications in the telematics device and the interface to the vehicle network) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-110 | Children: | The vendor’s system shall provide a means to download unstructured customer data in an industry-standard format (Open Telematics API). This download will occur over secured communication protocols. |
Telematics is business critical and failover is required e.g. csv, txt, json formats | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-120 | Children: | The vendor’s software shall not contain any credentials that are shared among other copies of software; e.g. the software cannot contain hardcoded API keys or API passwords |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-130 | Children: | Vendors shall limit hardware support for deprecated or insecure communications protocols. This includes those with known vulnerabilities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SCP-140 | Children: | Vendors must ensure that their authentication mechanism is protected against brute force attacks. This includes ensuring that any password storage functions provide sufficient security through the use of industry best practice hashing mechanisms (such as BCrypt), as well as providing limits on access to sensitive services. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-010 | Children: | The vendor shall have a process for remediating flaws in deployed telematics devices and backend systems. In the case of telematics devices, firmware update capabilities are important to be able to remediate all flaws that could be located in the device. |
This is a leniently-worded requirement that a process to update device firmware exists | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-011 | Children: | The vendor shall implement/deploy secure over the air update systems including assurances of integrity&authenticity. Also rollback protections and a means of denying the use of old potentially compromised signing keys. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-020 | Children: | The vendor shall have a capability to mitigate vulnerabilities across all of the telematics devices, backend applications, and systems. Identified vulnerabilities are remediated or mitigated using suitable compensating controls on a timeline predicated by the severity of the vulnerability identified. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-021 | Children: | Identified vulnerabilities are remediated or mitigated using suitable compensating controls on a timeline predicated by the severity of the vulnerability identified. Taking no longer than the following elapsed times: high in 30d, moderate in 90d and low in 180d. Vendors shall provide a document that defines vulnerabilities severities (e.g. CVSS). Negotiation of mutually aggregable exceptions to the remediation timelines is acceptable to compensate for cases where the complexity of remediation or mitigations of the vulnerability is prohibitively expensive to execute in the prescribed timeline. In general, the timelines of remediation can be agreed -to in a SLA. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-030 | Children: | The vendor shall use digitally signed software on telematics devices and prohibit execution of unsigned or invalidly signed software. |
Note may just want to make this one vendor shall utilize digitally signed firmware | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-040 | Children: | The vendor shall utilize a boot verification process built with (asymmetric) cryptographic digital signatures and implemented such that the public key used for verification or the hash of the public key used for verification is protected from being tampered on the device. |
Secure boot underpins the access control which protects the vehicle networks | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-041 | Children: | Vendors shall implement a hardware based root of trust for boot authentication of the device. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-060 | Children: | The vendor shall provide a means (and document the process) for customers to verify the firmware in their devices. |
Is a rare feature to find deployed and is nice-to-have over and above secure boot | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-070 | Children: | The vendor shall utilize an array of code safety features across the entire collection of executables in its devices: ASLR, DEP, CFI, Stack Guards, Fortification, and RELRO. Unless that code safety feature is not applicable on the system architecture, in which case it should be noted. |
Without any of these, exploitation is trivial | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-071 | Children: | The vendor shall use the techniques of sanitizing/filtering inputs, segmenting memory spaces of input parsers from other execution and/or using provably correct or memory safe languages for input processing. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-080 | Children: | The vendor shall design security components that fail-secure to protect integrity of systems and data. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-081 | Children: | The vendor shall utilize protective mechanisms to protect components from unauthorized runtime/volatile modification of code. |
Not well defined enough to make this of critical importance to TSPs or carriers | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-090 | Children: | The vendor shall maintain a responsible disclosure program that allows for vulnerabilities discovered in the system (device, mobile app or backend) by researchers, and other external entities to be reported, tracked and mitigated. Vulnerability programs should include sufficient legal provisions to provide for a “Legal Safe Harbor” for researchers. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-100 | Children: | The vendor must monitor information systems for attack and unauthorized access including employing automated analysis tools |
Regardless of how secure a system might be it will eventually be breached; therefore monitoring is of high criticality e.g. SIEM, IDS, WAF, Application monitoring | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-110 | Children: | The vendor conducts regular vulnerability scans of operating environment to verify software components in use have been patched according to remediation SLAs. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-120 | Children: | The vendor shall have a vulnerability management process that includes steps to triage any found vulnerabilities and plan remediation. |
This requirement, if satisfied, shows process maturity but is nice-to-have over and above the previous requirements in this category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-130 | Children: | The vendor shall verify code and best practice standards prior to deployment including: Static Code Analysis / Static Application Security Testing (SCA/SAST) Dependency Scanning for known vulnerabilities in third party components |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-140 | Children: | The vendor shall implement ongoing monitoring and protection against malicious code in production using a well governed process that addresses all entry and exit points in the system. |
e.g. whitelisting, anti-malware scanning, cryptographic protections | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-150 | Children: | The vendor shall verify code according to best-practice coding standards |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-170 | Children: | The vendor shall actively monitor resources such as NIST Common Vulnerabilities and Exposures (CVE), Bugtraq, for security alerts and advisories related to the telematics system’s components |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-171 | Children: | The vendor shall notify their customers of any vulnerabilities discovered in the telematics systems components via monitoring or vulnerability disclosure programs. The notification to customers will happen in a timely manner. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-180 | Children: | Remediation SLA or objectives are defined and are adhered to by the security and development teams. Identified vulnerabilities are remediated or mitigated using suitable compensating controls |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-190 | Children: | The vendor’s software will have software resiliency measures included that will slow the progress of tampering and reverse engineering efforts. |
This is a nice-to-have. Mature solutions that process sensitive information in devices that could be in the hands of attackers are expected to have these protections; however, allowances should be made for products to focus on the necessary security controls first, for which these resiliency requirements are not a substitute | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | SII-200 | Children: | The vendor shall participate in a cybersecurity information sharing and analysis group in the heavy vehicle industry |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 11 |
NMFTA Telematics (Cloud Component) Security Requirements
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AA-010 | Parents: | This Cloud or Back-end component must satisfy requirement AA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-010 | Parents: | This Cloud or Back-end component must satisfy requirement AC-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-030 | Parents: | This Cloud or Back-end component must satisfy requirement AC-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-040 | Parents: | This Cloud or Back-end component must satisfy requirement AC-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-041 | Parents: | This Cloud or Back-end component must satisfy requirement AC-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-050 | Parents: | This Cloud or Back-end component must satisfy requirement AC-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-AC-070 | Parents: | This Cloud or Back-end component must satisfy requirement AC-070 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-CM-020 | Parents: | This Cloud or Back-end component must satisfy requirement CM-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-CM-030 | Parents: | This Cloud or Back-end component must satisfy requirement CM-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-CM-040 | Parents: | This Cloud or Back-end component must satisfy requirement CM-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-IA-010 | Parents: | This Cloud or Back-end component must satisfy requirement IA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-IA-030 | Parents: | This Cloud or Back-end component must satisfy requirement IA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-IR-010 | Parents: | This Cloud or Back-end component must satisfy requirement IR-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-M-010 | Parents: | This Cloud or Back-end component must satisfy requirement M-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-M-020 | Parents: | This Cloud or Back-end component must satisfy requirement M-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-M-030 | Parents: | This Cloud or Back-end component must satisfy requirement M-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-M-031 | Parents: | This Cloud or Back-end component must satisfy requirement M-031 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-M-032 | Parents: | This Cloud or Back-end component must satisfy requirement M-032 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-P-010 | Parents: | This Cloud or Back-end component must satisfy requirement P-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-P-020 | Parents: | This Cloud or Back-end component must satisfy requirement P-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-P-030 | Parents: | This Cloud or Back-end component must satisfy requirement P-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-PS-010 | Parents: | This Cloud or Back-end component must satisfy requirement PS-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-RA-010 | Parents: | This Cloud or Back-end component must satisfy requirement RA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-RA-020 | Parents: | This Cloud or Back-end component must satisfy requirement RA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SAA-010 | Parents: | This Cloud or Back-end component must satisfy requirement SAA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SAA-020 | Parents: | This Cloud or Back-end component must satisfy requirement SAA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SAA-030 | Parents: | This Cloud or Back-end component must satisfy requirement SAA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SAA-040 | Parents: | This Cloud or Back-end component must satisfy requirement SAA-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SAA-050 | Parents: | This Cloud or Back-end component must satisfy requirement SAA-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-010 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-011 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-020 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-030 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-040 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-050 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-090 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-091 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-091 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-092 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-092 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-110 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-110 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-120 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SCP-130 | Parents: | This Cloud or Back-end component must satisfy requirement SCP-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-010 | Parents: | This Cloud or Back-end component must satisfy requirement SII-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-011 | Parents: | This Cloud or Back-end component must satisfy requirement SII-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-020 | Parents: | This Cloud or Back-end component must satisfy requirement SII-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-021 | Parents: | This Cloud or Back-end component must satisfy requirement SII-021 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-070 | Parents: | This Cloud or Back-end component must satisfy requirement SII-070 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-071 | Parents: | This Cloud or Back-end component must satisfy requirement SII-071 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-080 | Parents: | This Cloud or Back-end component must satisfy requirement SII-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-081 | Parents: | This Cloud or Back-end component must satisfy requirement SII-081 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-090 | Parents: | This Cloud or Back-end component must satisfy requirement SII-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-100 | Parents: | This Cloud or Back-end component must satisfy requirement SII-100 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-110 | Parents: | This Cloud or Back-end component must satisfy requirement SII-110 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-120 | Parents: | This Cloud or Back-end component must satisfy requirement SII-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-130 | Parents: | This Cloud or Back-end component must satisfy requirement SII-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-140 | Parents: | This Cloud or Back-end component must satisfy requirement SII-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-150 | Parents: | This Cloud or Back-end component must satisfy requirement SII-150 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-170 | Parents: | This Cloud or Back-end component must satisfy requirement SII-170 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-171 | Parents: | This Cloud or Back-end component must satisfy requirement SII-171 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-180 | Parents: | This Cloud or Back-end component must satisfy requirement SII-180 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | CLOUD-SII-200 | Parents: | This Cloud or Back-end component must satisfy requirement SII-200 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 12 |
NMFTA Telematics (Connectivity or Communications Component) Security Requirements
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-010 | Parents: | This Connectivity/Communications component must satisfy requirement AC-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-020 | Parents: | This Connectivity/Communications component must satisfy requirement AC-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-030 | Parents: | This Connectivity/Communications component must satisfy requirement AC-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-040 | Parents: | This Connectivity/Communications component must satisfy requirement AC-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-041 | Parents: | This Connectivity/Communications component must satisfy requirement AC-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-050 | Parents: | This Connectivity/Communications component must satisfy requirement AC-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-060 | Parents: | This Connectivity/Communications component must satisfy requirement AC-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-061 | Parents: | This Connectivity/Communications component must satisfy requirement AC-061 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-062 | Parents: | This Connectivity/Communications component must satisfy requirement AC-062 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-063 | Parents: | This Connectivity/Communications component must satisfy requirement AC-063 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-AC-080 | Parents: | This Connectivity/Communications component must satisfy requirement AC-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-CM-010 | Parents: | This Connectivity/Communications component must satisfy requirement CM-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-CM-020 | Parents: | This Connectivity/Communications component must satisfy requirement CM-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-CM-030 | Parents: | This Connectivity/Communications component must satisfy requirement CM-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-CM-040 | Parents: | This Connectivity/Communications component must satisfy requirement CM-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-IA-010 | Parents: | This Connectivity/Communications component must satisfy requirement IA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-IA-020 | Parents: | This Connectivity/Communications component must satisfy requirement IA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-IA-030 | Parents: | This Connectivity/Communications component must satisfy requirement IA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-IR-010 | Parents: | This Connectivity/Communications component must satisfy requirement IR-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-M-010 | Parents: | This Connectivity/Communications component must satisfy requirement M-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-M-040 | Parents: | This Connectivity/Communications component must satisfy requirement M-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-PS-010 | Parents: | This Connectivity/Communications component must satisfy requirement PS-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-RA-010 | Parents: | This Connectivity/Communications component must satisfy requirement RA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-RA-020 | Parents: | This Connectivity/Communications component must satisfy requirement RA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SAA-010 | Parents: | This Connectivity/Communications component must satisfy requirement SAA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SAA-020 | Parents: | This Connectivity/Communications component must satisfy requirement SAA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SAA-030 | Parents: | This Connectivity/Communications component must satisfy requirement SAA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SAA-040 | Parents: | This Connectivity/Communications component must satisfy requirement SAA-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SAA-050 | Parents: | This Connectivity/Communications component must satisfy requirement SAA-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-010 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-011 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-020 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-030 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-040 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-060 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-090 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-091 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-091 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-120 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-130 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SCP-140 | Parents: | This Connectivity/Communications component must satisfy requirement SCP-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-010 | Parents: | This Connectivity/Communications component must satisfy requirement SII-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-011 | Parents: | This Connectivity/Communications component must satisfy requirement SII-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-020 | Parents: | This Connectivity/Communications component must satisfy requirement SII-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-021 | Parents: | This Connectivity/Communications component must satisfy requirement SII-021 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-030 | Parents: | This Connectivity/Communications component must satisfy requirement SII-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-040 | Parents: | This Connectivity/Communications component must satisfy requirement SII-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-041 | Parents: | This Connectivity/Communications component must satisfy requirement SII-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-060 | Parents: | This Connectivity/Communications component must satisfy requirement SII-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-070 | Parents: | This Connectivity/Communications component must satisfy requirement SII-070 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-071 | Parents: | This Connectivity/Communications component must satisfy requirement SII-071 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-080 | Parents: | This Connectivity/Communications component must satisfy requirement SII-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-081 | Parents: | This Connectivity/Communications component must satisfy requirement SII-081 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-090 | Parents: | This Connectivity/Communications component must satisfy requirement SII-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-110 | Parents: | This Connectivity/Communications component must satisfy requirement SII-110 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-120 | Parents: | This Connectivity/Communications component must satisfy requirement SII-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-130 | Parents: | This Connectivity/Communications component must satisfy requirement SII-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-140 | Parents: | This Connectivity/Communications component must satisfy requirement SII-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-150 | Parents: | This Connectivity/Communications component must satisfy requirement SII-150 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-170 | Parents: | This Connectivity/Communications component must satisfy requirement SII-170 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-171 | Parents: | This Connectivity/Communications component must satisfy requirement SII-171 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-180 | Parents: | This Connectivity/Communications component must satisfy requirement SII-180 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | COMMS-SII-200 | Parents: | This Connectivity/Communications component must satisfy requirement SII-200 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 13 |
NMFTA Telematics (Vehicle Connection Component) Security Requirements
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-010 | Parents: | This Vehicle Connection component must satisfy requirement AC-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-020 | Parents: | This Vehicle Connection component must satisfy requirement AC-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-030 | Parents: | This Vehicle Connection component must satisfy requirement AC-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-040 | Parents: | This Vehicle Connection component must satisfy requirement AC-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-041 | Parents: | This Vehicle Connection component must satisfy requirement AC-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-050 | Parents: | This Vehicle Connection component must satisfy requirement AC-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-060 | Parents: | This Vehicle Connection component must satisfy requirement AC-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-061 | Parents: | This Vehicle Connection component must satisfy requirement AC-061 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-062 | Parents: | This Vehicle Connection component must satisfy requirement AC-062 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-063 | Parents: | This Vehicle Connection component must satisfy requirement AC-063 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-AC-080 | Parents: | This Vehicle Connection component must satisfy requirement AC-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-CM-010 | Parents: | This Vehicle Connection component must satisfy requirement CM-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-CM-020 | Parents: | This Vehicle Connection component must satisfy requirement CM-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-CM-030 | Parents: | This Vehicle Connection component must satisfy requirement CM-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-CM-040 | Parents: | This Vehicle Connection component must satisfy requirement CM-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-IA-010 | Parents: | This Vehicle Connection component must satisfy requirement IA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-IA-020 | Parents: | This Vehicle Connection component must satisfy requirement IA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-IA-030 | Parents: | This Vehicle Connection component must satisfy requirement IA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-IR-010 | Parents: | This Vehicle Connection component must satisfy requirement IR-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-M-010 | Parents: | This Vehicle Connection component must satisfy requirement M-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-M-040 | Parents: | This Vehicle Connection component must satisfy requirement M-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-PS-010 | Parents: | This Vehicle Connection component must satisfy requirement PS-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-RA-010 | Parents: | This Vehicle Connection component must satisfy requirement RA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-RA-020 | Parents: | This Vehicle Connection component must satisfy requirement RA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SAA-010 | Parents: | This Vehicle Connection component must satisfy requirement SAA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SAA-020 | Parents: | This Vehicle Connection component must satisfy requirement SAA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SAA-030 | Parents: | This Vehicle Connection component must satisfy requirement SAA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SAA-040 | Parents: | This Vehicle Connection component must satisfy requirement SAA-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SAA-050 | Parents: | This Vehicle Connection component must satisfy requirement SAA-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-010 | Parents: | This Vehicle Connection component must satisfy requirement SCP-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-011 | Parents: | This Vehicle Connection component must satisfy requirement SCP-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-020 | Parents: | This Vehicle Connection component must satisfy requirement SCP-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-030 | Parents: | This Vehicle Connection component must satisfy requirement SCP-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-040 | Parents: | This Vehicle Connection component must satisfy requirement SCP-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-060 | Parents: | This Vehicle Connection component must satisfy requirement SCP-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-100 | Parents: | This Vehicle Connection component must satisfy requirement SCP-100 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SCP-140 | Parents: | This Vehicle Connection component must satisfy requirement SCP-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-010 | Parents: | This Vehicle Connection component must satisfy requirement SII-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-011 | Parents: | This Vehicle Connection component must satisfy requirement SII-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-020 | Parents: | This Vehicle Connection component must satisfy requirement SII-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-021 | Parents: | This Vehicle Connection component must satisfy requirement SII-021 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-030 | Parents: | This Vehicle Connection component must satisfy requirement SII-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-040 | Parents: | This Vehicle Connection component must satisfy requirement SII-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-041 | Parents: | This Vehicle Connection component must satisfy requirement SII-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-060 | Parents: | This Vehicle Connection component must satisfy requirement SII-060 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-070 | Parents: | This Vehicle Connection component must satisfy requirement SII-070 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-071 | Parents: | This Vehicle Connection component must satisfy requirement SII-071 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-080 | Parents: | This Vehicle Connection component must satisfy requirement SII-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-081 | Parents: | This Vehicle Connection component must satisfy requirement SII-081 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-090 | Parents: | This Vehicle Connection component must satisfy requirement SII-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-120 | Parents: | This Vehicle Connection component must satisfy requirement SII-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-130 | Parents: | This Vehicle Connection component must satisfy requirement SII-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-140 | Parents: | This Vehicle Connection component must satisfy requirement SII-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-150 | Parents: | This Vehicle Connection component must satisfy requirement SII-150 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-170 | Parents: | This Vehicle Connection component must satisfy requirement SII-170 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-171 | Parents: | This Vehicle Connection component must satisfy requirement SII-171 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-180 | Parents: | This Vehicle Connection component must satisfy requirement SII-180 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | VEH-SII-200 | Parents: | This Vehicle Connection component must satisfy requirement SII-200 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Section | 14 |
NMFTA Telematics (Mobile App Component) Security Requirements
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-010 | Parents: | This Mobile App component must satisfy requirement AC-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-030 | Parents: | This Mobile App component must satisfy requirement AC-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-040 | Parents: | This Mobile App component must satisfy requirement AC-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-041 | Parents: | This Mobile App component must satisfy requirement AC-041 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-050 | Parents: | This Mobile App component must satisfy requirement AC-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-AC-080 | Parents: | This Mobile App component must satisfy requirement AC-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-CM-020 | Parents: | This Mobile App component must satisfy requirement CM-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-CM-030 | Parents: | This Mobile App component must satisfy requirement CM-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-CM-040 | Parents: | This Mobile App component must satisfy requirement CM-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-IA-010 | Parents: | This Mobile App component must satisfy requirement IA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-IA-030 | Parents: | This Mobile App component must satisfy requirement IA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-IR-010 | Parents: | This Mobile App component must satisfy requirement IR-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-M-010 | Parents: | This Mobile App component must satisfy requirement M-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-PS-010 | Parents: | This Mobile App component must satisfy requirement PS-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-RA-010 | Parents: | This Mobile App component must satisfy requirement RA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-RA-020 | Parents: | This Mobile App component must satisfy requirement RA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SAA-010 | Parents: | This Mobile App component must satisfy requirement SAA-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SAA-020 | Parents: | This Mobile App component must satisfy requirement SAA-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SAA-030 | Parents: | This Mobile App component must satisfy requirement SAA-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SAA-040 | Parents: | This Mobile App component must satisfy requirement SAA-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SAA-050 | Parents: | This Mobile App component must satisfy requirement SAA-050 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-010 | Parents: | This Mobile App component must satisfy requirement SCP-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-011 | Parents: | This Mobile App component must satisfy requirement SCP-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-020 | Parents: | This Mobile App component must satisfy requirement SCP-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-030 | Parents: | This Mobile App component must satisfy requirement SCP-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-040 | Parents: | This Mobile App component must satisfy requirement SCP-040 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-090 | Parents: | This Mobile App component must satisfy requirement SCP-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-091 | Parents: | This Mobile App component must satisfy requirement SCP-091 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-120 | Parents: | This Mobile App component must satisfy requirement SCP-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-130 | Parents: | This Mobile App component must satisfy requirement SCP-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SCP-140 | Parents: | This Mobile App component must satisfy requirement SCP-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-010 | Parents: | This Mobile App component must satisfy requirement SII-010 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-011 | Parents: | This Mobile App component must satisfy requirement SII-011 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-020 | Parents: | This Mobile App component must satisfy requirement SII-020 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-021 | Parents: | This Mobile App component must satisfy requirement SII-021 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-030 | Parents: | This Mobile App component must satisfy requirement SII-030 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-070 | Parents: | This Mobile App component must satisfy requirement SII-070 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-071 | Parents: | This Mobile App component must satisfy requirement SII-071 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-080 | Parents: | This Mobile App component must satisfy requirement SII-080 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-081 | Parents: | This Mobile App component must satisfy requirement SII-081 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-090 | Parents: | This Mobile App component must satisfy requirement SII-090 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-120 | Parents: | This Mobile App component must satisfy requirement SII-120 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-130 | Parents: | This Mobile App component must satisfy requirement SII-130 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-140 | Parents: | This Mobile App component must satisfy requirement SII-140 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-150 | Parents: | This Mobile App component must satisfy requirement SII-150 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-170 | Parents: | This Mobile App component must satisfy requirement SII-170 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-171 | Parents: | This Mobile App component must satisfy requirement SII-171 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-180 | Parents: | This Mobile App component must satisfy requirement SII-180 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-190 | Parents: | This Mobile App component must satisfy requirement SII-190 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Requirement | MOBILE-SII-200 | Parents: | This Mobile App component must satisfy requirement SII-200 |