Support for Cybersecurity is currently provided as an independent project template for the upcoming standard ISO 21434. This template provides keywords for taxonomy mnemonic-based threat identification methods and the HEAVENS risk graph for assessment.
The default cybersecurity profile project template consists of the following package structure:
Context Establishment
This package supports the creation of System Design models that represent the target of an evaluation for the cybersecurity analysis.
Threat Analysis and Risk Assessment
This package supports the creation of TARA tables and collections for threats and attacks
Security Goals and Requirements
System Design
System Design models are managed in this package. They can be created or imported as needed.
Hardware Models
Software Models
Security Analysis
Attack Trees
Attack Trees to describe attack scenarios can be modelled in this package.
Additionally there is another project template that fully supports the analyses for functional safety according to ISO26262 as well as for Cybersecurity in one medini project. Its package structure is as follows:
Item Definition/Context Establishment
This package supports the creation of System Design models that represent the target of a evaluation for the cybersecurity analysis.
Hazard Analysis and Risk Assessment
Threat Analysis and Risk Assessment
This package supports the creation of TARA tables and collections for threats and attacks
Safety/Security Goals and Requirements
System Design
System Design models are managed in this package. They can be created or imported as needed.
Hardware Models
Software Models
Safety/Security Analysis
FMEA Worksheets
System Weakness Analysis
FTA Models
Diagnostic Coverage
Attack Trees
Attack Trees to describe attack scenarios can be modelled in this package.
In case you started your work in a medini project for functional safety according to ISO26262 and you want to add Cybersecurity analyses to that same project you can add the corresponding domain profile by clicking the 'Add Cybersecurity Nature' menu in the Project's main menu.
Subsequently new packages for the Cybersecurity models (e.g. TARA, Attack Trees, etc.) can be created. Those should get the appropriate content types associated (see Management of package structure).
Furthermore the diff/merge feature can be used transfer common artefacts between a safety and a security project, keeping a maximum of consistency while still separating the artefacts.