The core AVCDL documents are complete.
As additional documents are created, they'll appear here.
The following table shows the status of the various AVCDL elements.
| Document | Status |
|---|---|
| General | |
| Security Requirements Taxonomy | complete |
| Secure Design Principles | complete |
| Element Cybersecurity Relevancy | complete |
| Elaboration | |
| Code Signing | complete |
| Incremental AVCDL Adoption | complete |
| Software Bill of Materials Lifecycle | complete |
| Understanding Cybersecurity Interface Agreements | complete |
| Understanding the Phase Products Dependencies Graph | complete |
| Understanding Workflow Graphs | complete |
| Manifest Generation | complete |
| Understanding TARA in an AVCDL Context | complete |
| Understanding Open Source in an AVCDL Context | complete |
| AVCDL Documentation Management | complete |
| Understanding Supplier Cybersecurity Process Mapping | complete |
| Understanding Cybersecurity Risk Freshness in an AVCDL Context | complete |
| Understanding Verification and Validation in an AVCDL Context | complete |
| Understanding Supply Chain Interaction in an AVCDL Context | complete |
| Understanding the Extended CIA Model | complete |
| Understanding the AVPDL | complete |
| Creating a Development Lifecycle | complete |
| Understanding Service Level Agreements in an AVCDL Context | complete |
| Certification | |
| AVCDL Phase Requirement Product ISO 21434 Work Product Fulfillment Summary | complete |
| AVCDL Phase Requirement Product ISO 24089 Work Product Fulfillment Summary | complete |
| AVCDL Phase Requirement Product ISO 26262 Work Product Fulfillment Summary | complete |
| AVCDL Phase Requirement Product UNECE WP.29 R155 Work Product Fulfillment | complete |
| Supplier Processes | |
| AVCMDS | complete |
| Supplier Self-Reported Cybersecurity Maturity Assessment | complete |
| Cybersecurity Interface Agreement | complete |
| Foundation Phase | |
| Training Catalog | complete |
| System to Track Training Participation | complete |
| Roles and Responsibilities | complete |
| List of Approved Tools and Components | complete |
| Global Security Goals | complete |
| Global Security Requirements | complete |
| Code Protection Plan | complete |
| Release Integrity Plan | complete |
| Cybersecurity Monitoring Plan | complete |
| Incident Response Plan | complete |
| Decommissioning Plan | complete |
| Threat Prioritization Plan | complete |
| Deployment Plan | complete |
| Requirements Phase | |
| Product-level Security Goals | complete |
| Product-level Security Requirements | complete |
| Requirements Phase Gate | complete |
| Design Phase | |
| Design Showing Security Considerations | complete |
| Security Design Review Report | complete |
| Attack Surface Analysis Report | complete |
| Threat Modeling Report | complete |
| Ranked / Risked Threat Report | complete |
| Threat Report | complete |
| Design Phase Gate | complete |
| Implementation Phase | |
| List of Tools and Components Used | complete |
| Build Process Documentation | complete |
| Secure Setting Document | complete |
| Component / Version - Product / Version Cross-Reference | complete |
| Secure Development | complete |
| Currently Used Deprecated Functions | complete |
| Static Analysis Report | complete |
| Dynamic Analysis Report | complete |
| Secure Code Review Summary | complete |
| Fuzz Testing Report | complete |
| Implementation Phase Gate | complete |
| Verification Phase | |
| Penetration Testing Report | complete |
| Updated Threat Model | complete |
| Updated Attack Surface Analysis | complete |
| Verification Phase Gate | complete |
| Release Phase | |
| Final Security Review Report | complete |
| Archive Manifest | complete |
| Release Phase Gate | complete |
| Operation Phase | |
| Cybersecurity Incident Report | complete |
| Software Deployment Report | complete |
| Decommissioning Phase | |
| Decommissioning Report | complete |
| Status | Description |
|---|---|
| template | not completed |
| draft | pending certification body review |
| complete | reviewed by certification body |