Supply Chain Material [PDF]
Cybersecurity within the supply chain is critical to the cybersecurity of the overall product. This page provides links to the supplier chain-specific AVCDL documentation.
A set of training videos complementing the written AVCDL supply chain documents. A list of the available videos can be found here.
The following diagram illustrates the relationship between the various supply chain-related documents within the AVCDL.
The following are some general supply chain-related materials.
This is an overview of how supply chain cybersecurity is addressed within the AVCDL.
| Blog Post | Turtles All the Way Down: Security at Every Level | link |
| Guidance | Understanding Supply Chain Interaction in an AVCDL Context | link |
| Video | AVCDL Supply chain overview | link |
The following diagram illustrates the relationship between the various supplier selection-related documents within the AVCDL.
Note that the diagram is broken into three phases:
- request for information (RFI)
- request for quote (RFQ)
- development / production / post-production
The following sections address the two phases specific to supplier selection.
During the RFI phase, the supplier is asked to provide information used to determine their cybersecurity maturity and implemented processes.
This material covers how to complete the supplier cybersecurity manufacturer disclosure statement.
| Blog Post | AVCMDS: Autonomous Vehicle Cybersecurity Manufacturer Disclosure Statement | link |
| Guidance | Autonomous Vehicle Cybersecurity Manufacturer Disclosure Statement | link |
| Template | AVCMDS Worksheet template.xlsx | link |
| Video | AVCMDS | link |
This material covers how to complete the supplier cybersecurity process maturity assessment.
| Blog Post | Where are You at? Level Setting Supplier Cybersecurity Maturity | link |
| Guidance | Supplier Self-reported Cybersecurity Maturity Assessment | link |
| Template | AVCDL vendor CMM template.xlsx | link |
| Video | supplier maturity | link |
This material covers how to map established supplier cybersecurity processes to their AVCDL counterparts.
| Guidance | Understanding Supplier Cybersecurity Process Mapping | link |
| Template | vendor process - AVCDL product mapping template.xlsx | link |
| Video | vendor process mapping | link |
During the RFQ phase, the supplier and customer establish the responsibilities in the creation, deployment, operation, and decommissioning of the product the supplier provides.
| Blog Post | Yours, Mine, and Ours: The AVCDL and Cybersecurity Interface Agreements | link |
| Guidance | Understanding Cybersecurity Interface Agreements | link |
| Template | AVCDL Cybersecurity Interface Agreement template.docx | link |
| Guidance | Understanding Service Level Agreements in an AVCDL Context | link |