
Glossary · ISO/SAE 21434

Cybersecurity Management System (CSMS)

Also known as: Cybersecurity Management System

Organisational management system that governs cybersecurity activities for road-vehicle programmes.

A CSMS is the set of policies, processes, roles, and resources an organisation uses to identify, analyse, treat, and continually monitor cybersecurity risk across vehicle programmes. ISO/SAE 21434 Clause 5 defines the organisational requirements; UNECE R155 makes a certified CSMS a precondition for vehicle type approval in adopting markets.

Why it matters

A CSMS certificate has a fixed validity (typically three years) and is audited annually. Without it, type-approval submissions stall and OEMs cascade contractual cybersecurity obligations to suppliers via Cybersecurity Interface Agreements.
