
Further Reading & References

This page provides a curated set of official documents, standards, and supporting materials relevant to GB/T 44495 (Automotive Cybersecurity) and GB/T 44496 (Software Updates). These resources can help you understand the broader regulatory and engineering landscape and plan effective compliance strategies for the Chinese market.


1) Official Standards

  • GB/T 44495-2023: Road vehicles — Cybersecurity engineering process guidance (中华人民共和国国家标准).
  • GB/T 44496-2023: Road vehicles — Software update process guidance (中华人民共和国国家标准).
  • Available through the Standardization Administration of China (SAC) and the official National Standards Service Platform (std.samr.gov.cn).

2) Related International Standards

  • ISO/SAE 21434:2021 — Road vehicles: Cybersecurity engineering.
  • UNECE Regulation No. 155 — Cybersecurity and Cybersecurity Management System (CSMS).
  • UNECE Regulation No. 156 — Software Update and Software Update Management System (SUMS).
  • ISO 24089:2023 — Road vehicles: Software update engineering.
  • ISO/PAS 5112:2022 — Audit framework for cybersecurity engineering.

3) Supplementary Chinese References

  • MIIT Cybersecurity Review Measures (工业和信息化部 网络安全审查办法) — Regulatory guidance for automotive systems connected to networks.
  • Data Security Law (数据安全法) & Personal Information Protection Law (个人信息保护法) — Key legal foundations for telemetry, logs, and residency.
  • GB/T 42007 series — Information security techniques (baseline for PKI, access control, and cryptography).
  • MIIT Guidelines on Automotive Data Security Management (汽车数据安全管理若干规定).

4) Practical Implementation Guides

  • ISO/UNECE ↔ GB/T Crosswalk: mapping organizational and engineering clauses (internal or consulting reference).
  • CSMS/SUMS Readiness Checklist: overview of expected artifacts for global and CN markets.
  • Cybersecurity Audit Frameworks: ISO/PAS 5112-based internal audit templates, localized for China.
  • Evidence Index Template: bilingual (EN/中文) spreadsheet for document tracking and audit traceability.

5) Recommended Reading for Teams

  • SAE J3061 — Cybersecurity guidebook for cyber-physical vehicle systems (predecessor to ISO/SAE 21434).
  • NIST SP 800-160 Vol.2 — Systems Security Engineering.
  • NIST SP 800-218 — Secure Software Development Framework (SSDF).
  • ETSI EN 303 645 — Baseline IoT security requirements (useful for telematics/connected modules).

6) Professional & Academic Resources

7) How We Can Help

We assist global OEMs and Tier-1 suppliers in:

  • Building bilingual (EN/中文) documentation aligned with GB/T expectations.
  • Performing crosswalks between ISO/UNECE and Chinese standards.
  • Preparing readiness evidence for audits and authority reviews.
  • Conducting CSMS/SUMS internal assessments and supplier trainings.

Disclaimer: External links are provided for informational purposes only. Always refer to the official GB/T text and guidance from Chinese authorities for authoritative content.