PAS 11281 Connected and autonomous vehicles (CAVs)
Essential maintenance work will be carried out on BSI Shop over the weekend of 12 and 13 June 2021. BSI Shop will be operational during this time but you might experience slowness for a very brief period of time. Please accept our apologies for any inconvenience this may cause.

PAS 11281:2018

Connected automotive ecosystems. Impact of security on safety. Code of practice

Status : Current   Published : December 2018



What is this PAS about?

Connected and autonomous vehicles (CAVs) are now a reality. What’s more this is an area in which connected computer systems directly control behaviour in the real world, meaning there’s a direct link between CAV cyber security and physical – especially road – safety. This PAS therefore aims to help organizations in the CAV ecosystem ensure that security-related risks in their products, services or activities don’t pose an unacceptable safety risk in the physical world.

Who is this PAS for?

Intended users are manufacturers, operators and maintainers of products, systems and services used in a connected automotive ecosystem. This includes:

  • Manufacturers of vehicle subsystems
  • Vehicle manufacturers
  • Maintenance organizations
  • Infrastructure operators
  • Owners of large vehicle fleets
  • Digital service providers

It might also be of interest to regulators and other stakeholders in the connected automotive ecosystem and to users/operators of vehicles.

Why should you use this PAS?

It gives recommendations for managing security risks that might compromise safety in a connected automotive ecosystem.

It covers both the entire connected automotive ecosystem and its constituent systems throughout their lifetimes (including manufacturing, supply chain and maintenance activities).

The ecosystem includes vehicles (both those used on public roads, such as cars, and those used for off-road activities such as farming and mining), as well as road-side and other static infrastructure, communication channels between vehicles and infrastructure, servicing and repair facilities, digital services, data and information and other services that support the proper operation of road transport. All levels of vehicle automation and autonomy are in scope.

The PAS applies to risks that can affect a single system, a few systems, or are on a small scale. It also gives recommendations for managing systemic risks – wider risks which might appear small, but which become more significant when interdependencies are considered and where the vulnerability of a single or a few entities poses more widespread risk.

The PAS aims to help organizations in the connected automotive ecosystem ensure that security-related risks in their products, services or activities do not pose unacceptable risks to safety. In line with modern regulatory approaches, the recommendations are framed as outcome-based measures, while also suggesting some specific features that adequate security arrangements would be expected to have.

The outcome-based approach has the added benefit of enabling compatibility with other standards and guidance in the area, including:

  1. Department for Transport (DfT) Centre for Connected and Autonomous Vehicles (CCAV): The key principles of cyber security for connected and automated vehicles
  2. European Union Agency Network and Information Security (ENISA): Cyber security and resilience of smart cars – good practices and recommendations
  3. National Highway Traffic Safety Administration (NHTSA): Cybersecurity for Modern Vehicles
  4. National Cybersecurity Centre (NCSC): Network and Information Security (NIS) Directive guidance

Standard NumberPAS 11281:2018
TitleConnected automotive ecosystems. Impact of security on safety. Code of practice
Publication Date31 December 2018
Normative References(Required to achieve compliance to this standard)No other standards are normatively referenced
Informative References(Provided for Information)BS ISO/IEC 29147, BS ISO 26262, ISO 10393, BS 10754, PAS 1885, BS EN IEC 62443, BS ISO/IEC 27035, BS ISO 20077-1, IEC 61508:2011, BS ISO 55000, BS EN ISO/IEC 27042, BS EN ISO/IEC 27037, PAS 1085, BS ISO/IEC/IEEE 15288, IEC 61511-1, BS ISO 28000, PD ISO/IEC TS 17961:2013, BS EN ISO/IEC 27002:2017, BS EN ISO 22300:2018, BS ISO/IEC 15026-2:2011, PD ISO/IEC GUIDE 51:2014, PAS 1192-5:2015, PD ISO/IEC TR 24772:2013, BS ISO 26021-2:2008, BS ISO/IEC 27032:2012, BS ISO 14229-1:2013
DescriptorsVehicles, Motor vehicles, Safety, Security, Ecosystems
ISBN978 0 539 02394 7
File Size6.532 MB

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents


Access, view and download standards with multiple user access, across multiple sites with BSOL

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version

Develop a PAS

Develop a fast-track standardization document in 9-12 months

Customers who bought this product also bought

  • PAS 1885:2018
    The fundamental principles of automotive cyber security. Specification