IAF Digital Integrity Standard
IAF-DSI v1.0 – Draft for Stakeholder Review
This page presents the scope, process, and requirements of our digital systems integrity certification standard.
What is it?
This standard supplies a harmonised, internationally recognisable benchmark that certifies a vehicle’s—or safety-critical product’s, or service’s—ability to resist cyber-intrusion, manage secure software life-cycles and protect data with verifiable robustness.
Why does it matter?
Modern vehicles rely on software, cloud connectivity, and remote updates—making cybersecurity, data privacy, and digital continuity as critical as physical safety. This standard ensures trust and compliance.
Scope & Certification Families
| Family | Intended Object | Resulting Mark | Typical Examples |
|---|---|---|---|
| A. Secure Vehicle | Complete vehicle incl. ECUs, comms & cloud back-end | IAF Secure Vehicle | OTA-enabled passenger car; Level-4 shuttle |
| B. Secure Product | Safety-critical software, ECU, middleware, connectivity module | IAF Secure Product | ADAS domain controller; telematics box; V2X stack |
| C. Secure Service | Digital mobility, OTA platform, SOC, CSMS as a service | IAF Secure Service | Fleet OTA update cloud; 24/7 vehicle SOC |
Normative References
- ISO/SAE 21434 – Road-Vehicle Cybersecurity Engineering
- UNECE WP.29 R155 & R156 – CSMS & Software Update Management
- ISO 24089 – OTA Software Update Engineering
- ISO/IEC 27001 + NIST SP 800-53 (Back-end security)
- GDPR & CCPA for personal-data protection
- CVE / CVSS vulnerability disclosure frameworks
Full annotated reference list in Annex A.
How does it work?
The standard uses a 6-pillar cyber-evaluation. Applicants must provide evidence proving compliance. Independent experts review and score each pillar.
| Pillar | Weight | Vehicle Evidence | Product / Service Evidence |
|---|---|---|---|
| Secure Architecture & Firmware Integrity | 20% | Bootloader auth, dual-bank firmware, secure debug lock | Signed image, SBOM, static-analysis report |
| OTA Robustness & Roll-back Protection | 15% | ISO 24089 conformance test, delta-update validation | End-to-end encryption, fail-safe strategy doc |
| Data Encryption & Privacy Compliance | 15% | GDPR DPIA, AES-256 encryption, key management | Cloud ISO 27001 cert, privacy-by-design proof |
| Intrusion Detection & Logging (IDPS) | 15% | UNECE R155 Attack-Route inventory, CAN IDS tests | SOC run-book, SIEM alert coverage report |
| Functional Safety & Cyber Co-Engineering | 15% | ISO 26262/21434 interface, TARA | Safety case linking SW/FW threats |
| Incident Response & Patch Management | 20% | CSMS audit, 72h disclosure process, CVE handling | SLA for critical CVEs ≤30 days; audit trail |
Label Usage Guide
- Artwork provided in colour and mono.
- Must show tier and certificate ID (QR).
- Vehicle HMI splash during boot permitted (500 ms fade-in).
- Public certificate at iaf.com/cert/ID.
- Misuse results in suspension.
Example Draft Artwork — Digital Integrity (Secure)
The visuals below are draft artwork for demonstration. Final colors, spacing, and minimum-size rules will be defined in the IAF Brand Guidelines.
IAF Secure Vehicle
For certified vehicle models meeting Digital Integrity criteria (secure updates, cryptography, privacy-by-design).
- Tier & Certificate ID required
- Recommended: window decal / digital certificate QR
IAF Secure Product
For certified components/modules (ECUs, telematics, sensors) conforming to secure SDLC & firmware integrity.
- Tier & Certificate ID required
- Datasheet/packaging placement; min. print width 20 mm
IAF Secure Service
For certified services (cloud/OTA platforms, SOC, data processing) under accredited security processes.
- Tier & Certificate ID required
- Use on reports, dashboards, facility signage
Application & Assessment
- Intake & completeness check (7 days)
- Dual SME review (Cyber & Safety experts)
- Witness test or panel hearing
- Scoring & decision by Digital Integrity Committee
- Certification issuance
- Annual surveillance, pen-test rerun every 24 months
Timeline & Contact
Committee Draft issued
30-day public comment window opens; structured feedback encouraged (change requests, test evidence, threat cases).
Pilot audits (field validation)
1 OEM, 1 Tier-1 supplier, 1 OTA platform. Scope: software update integrity, key management, telemetry protection, incident reporting.
Feature freeze & change control
Critical issues only; editorial fixes continue. Final ballot package prepared for committee vote.
Target final publication
Digital Integrity Standard v1.0 released; accreditation criteria & audit guide v1.0 published.
Implementation guidance
Practitioner’s guide, sample evidence pack, and assessors’ checklist v1.1 (post-release errata incorporated).