Auto-Unece-Cybersecurity
Verified by Dryade
Requires enterprise tier subscription
Description
UNECE R155/R156 automotive cybersecurity compliance: TARA worksheets, threat catalog mapping, and CSMS evidence generation
Details
auto-unece-cybersecurity
Tier: Enterprise | Type: Agent | Category: Compliance | Version: 1.0.0
AI-powered UNECE R155/R156 automotive cybersecurity compliance assistant. Generates TARA worksheets per ISO 21434, maps threats from UNECE Annex 5 catalog to vehicle systems, and produces CSMS evidence documentation for type approval.
1. Overview
- Plugin Name: auto-unece-cybersecurity
- Slug: auto-unece-cybersecurity
- Required Tier: Enterprise
- Plugin Type: Agent (orchestrator-integrated tools)
- Category: Compliance
- Author: Dryade
- License: DSUL
What It Does
Assists automotive cybersecurity engineers with UNECE R155 (Cybersecurity Management System) and R156 (Software Update Management System) type approval compliance. Takes vehicle system architecture as input, maps threats from the UNECE Annex 5 catalog (70+ threats across 7 categories), generates TARA worksheets with risk assessment and control recommendations, and identifies cybersecurity control gaps.
Key Capabilities
- TARA worksheet generation from vehicle system architecture
- UNECE Annex 5 threat catalog with 20+ threats across 7 categories
- Cybersecurity control catalog with 15 controls mapped to threat categories
- Risk assessment with attack feasibility scoring
- CSMS evidence checklist for type approval preparation
2. User Stories
Primary User Stories
US-1: Generate TARA for Vehicle System
As a cybersecurity engineer, I want to generate a TARA worksheet from a system architecture so that I can identify applicable threats and required controls efficiently.
Acceptance Criteria:
- [ ] Threats from Annex 5 matched to system components
- [ ] Risk levels assessed per threat
- [ ] Recommended controls listed for each threat
US-2: Identify Control Gaps
As a cybersecurity engineer, I want to compare my existing controls against the required catalog so that I can prioritize implementation efforts.
Acceptance Criteria:
- [ ] Control coverage percentage calculated
- [ ] Missing controls listed with priority and description
- [ ] Gap list can be used as remediation backlog
Edge Cases
- No components specified: Returns all threats (generic mapping)
- Unknown system name: Still generates TARA from threat catalog
3. Architecture
Component Diagram
+------------------+     +------------------+     +------------------+
| Plugin Router    | --> | TARA Engine      | --> | Data Provider    |
| /auto-unece-     |     | Threat Mapper    |     | (mock / real)    |
| cybersecurity/*  |     | Control Checker  |     +------------------+
+------------------+     +------------------+              |
                                  |                  +-----v------+
                            +-----v------+           | Demo Data  |
                            | Annex 5    |           | data/*.json|
                            | Catalog    |           +------------+
                            +------------+
Dependencies
- Internal: core.plugins.EnterprisePluginProtocol, core.plugin_config_store.PluginConfigStore
- External: None
- Plugin: None
4. API Spec / Agent Capabilities
REST Endpoints
| Method | Path | Description | Auth |
|--------|------|-------------|------|
| GET | /auto-unece-cybersecurity/health | Health check | No |
| GET | /auto-unece-cybersecurity/threats | List Annex 5 threats | Yes |
| POST | /auto-unece-cybersecurity/tara | Generate TARA worksheet | Yes |
| POST | /auto-unece-cybersecurity/map-threats | Map threats to components | Yes |
| POST | /auto-unece-cybersecurity/control-gaps | Identify control gaps | Yes |
5. Data Flow
Processing Pipeline
- User provides vehicle system architecture or component list
- Plugin loads UNECE Annex 5 threat catalog and control catalog
- Threats matched to components by target component keywords
- Risk assessed using attack feasibility and impact ratings
- Recommended controls mapped from control catalog
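The pipeline above, together with the control-gap calculation from US-2, sketched as an added example; this is not the plugin's own code. The catalog entries, the field names, the 1-4 rating scales and the risk thresholds are all assumptions made for illustration.

```python
# Constructed sample catalog: IDs, keywords and ratings are illustrative only,
# not entries from UNECE R155 Annex 5 or the plugin's data/*.json files.
THREATS = [
    {"id": "T-EX-01", "keywords": {"can", "gateway"},
     "feasibility": 3, "impact": 4, "controls": ["C-EX-01", "C-EX-02"]},
    {"id": "T-EX-02", "keywords": {"ota", "tcu"},
     "feasibility": 2, "impact": 4, "controls": ["C-EX-03"]},
    {"id": "T-EX-03", "keywords": {"cellular", "tcu"},
     "feasibility": 4, "impact": 3, "controls": ["C-EX-02", "C-EX-04"]},
]

def map_threats(components):
    """Match threats to components by keyword; no components returns all threats."""
    if not components:
        return list(THREATS)
    words = {w for c in components for w in c.lower().split()}
    return [t for t in THREATS if words & t["keywords"]]

def risk_level(score):
    """Assumed bucketing of feasibility x impact (both rated 1-4)."""
    return "high" if score >= 12 else "medium" if score >= 6 else "low"

def tara_rows(components):
    """One worksheet row per matched threat: risk plus recommended controls."""
    rows = []
    for t in map_threats(components):
        score = t["feasibility"] * t["impact"]
        rows.append({"threat": t["id"], "score": score,
                     "risk": risk_level(score), "controls": t["controls"]})
    return rows

def control_gaps(rows, implemented):
    """Return (coverage %, missing controls ordered by the worst risk they address)."""
    worst = {}
    for r in rows:
        for c in r["controls"]:
            worst[c] = max(worst.get(c, 0), r["score"])
    missing = sorted((c for c in worst if c not in implemented),
                     key=lambda c: (-worst[c], c))
    coverage = 100.0 * (len(worst) - len(missing)) / len(worst) if worst else 100.0
    return round(coverage, 1), missing

if __name__ == "__main__":
    rows = tara_rows(["TCU with cellular modem"])
    for row in rows:
        print(row)
    print(control_gaps(rows, {"C-EX-02"}))
```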
Demo Data Description
- annex5-threats.json: 20 threats across 7 UNECE categories
- control-catalog.json: 15 cybersecurity controls with threat mapping
- tara-examples.json: 2 complete TARA examples (ADAS gateway, TCU)
- vehicle-architectures.json: 2 vehicle architecture descriptions
- csms-checklist.json: 6-section CSMS evidence checklist
6. Security Considerations
- PII: No -- processes technical cybersecurity documentation
- External APIs: None -- fully self-contained, on-premise only
- Cybersecurity data never leaves the deployment environment
7. Test Plan
Test Classes
| Class | Tests | Coverage |
|-------|-------|----------|
| TestPluginAttributes | 7 | Manifest fields |
| TestMarketplace | 3 | Marketplace metadata |
| TestThreatCatalog | 4 | Annex 5 data |
| TestControlCatalog | 3 | Control data |
| TestDemoData | 6 | All data files |
| TestPluginModule | 2 | Module structure |
Running Tests
cd dryade-plugins
python -m pytest enterprise/auto-unece-cybersecurity/tests/ -x -v --tb=short
8. Deployment Notes
No additional Python packages required. Default config: {"data_source": "mock"}.
- Min Dryade Version: 1.0.0
- Python: >=3.11
9. User Guide
Getting Started
- Ensure your Dryade instance has an Enterprise tier license
- Install via marketplace or dryade-pm push
- Ask the orchestrator about UNECE cybersecurity compliance
Common Workflows
Workflow 1: Generate TARA
- Describe the vehicle system (e.g., "ADAS Gateway with radar and camera")
- Plugin generates threat assessment from Annex 5 catalog
- Review threats and control recommendations
Workflow 2: Control Gap Analysis
- Provide list of existing cybersecurity controls
- Plugin identifies gaps against the recommended control catalog
- Use gaps list as remediation backlog
10. Screenshots
Plugin operates via API/chat interface. No dedicated UI.
11. Changelog
1.0.0 (2026-03-05)
- Initial release
- UNECE Annex 5 threat catalog (20+ threats, 7 categories)
- Cybersecurity control catalog (15 controls)
- TARA worksheet generation
- CSMS evidence checklist
- Demo TARA examples for ADAS Gateway and TCU
Future Roadmap
- [ ] ISO 21434 full TARA methodology automation
- [ ] R156 software update management compliance module
- [ ] Integration with vulnerability databases (CVE/NVD)