The Cybersecurity Extension for ASPICE - A View from ASPICE Assessors

Christian Schlager*, Georg Macher

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


ASPICE has been introduced to development of embedded systems at automotive suppliers to assess the capability of processes. ASPICE covers processes for software, system, quality assurance, configuration management, problem resolution, change management, project management and supplier monitoring. It defines a scheme for determining the capability of the process based on the underlying PAM. HW Spice is also taken into consideration, because it is also necessary for Cybersecurity, but not mechanical Spice. Based on ASPICE VDA defined processes for Cybersecurity Engineering, Cybersecurity Risk Management and Supplier Request and Selection. This means additional effort for the assessors and also the engineering team when the ASPICE assessment is extended by processes of Cybersecurity to satisfy the requirements of standard ISO/SAE 21434. This paper investigates for the method of mapping the base practices (BP) of cybersecurity process defined by VDA to BP of ASPICE process(es) to reduce the time of an assessment by merging the Base Practices of Processes from Cybersecurity with the Base Practices of Processes from ASPICE.

Original languageEnglish
Title of host publicationSystems, Software and Services Process Improvement - 28th European Conference, EuroSPI 2021, Proceedings
EditorsMurat Yilmaz, Paul Clarke, Richard Messnarz, Michael Reiner
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages14
ISBN (Print)9783030855208
Publication statusPublished - 2021
Event28th European Conference on Systems, Software and Services Process Improvement: EuroSPI 2021 - Krems, Austria
Duration: 1 Sept 20213 Sept 2021

Publication series

NameCommunications in Computer and Information Science
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937


Conference28th European Conference on Systems, Software and Services Process Improvement


  • Assessment
  • Cybersecurity

ASJC Scopus subject areas

  • Computer Science(all)
  • Mathematics(all)

Cite this