Device Class 1 Areas

Detailed controls for Class 1 ITSRE, CVRSE and Vehicle OBE

Device Class 1:

• Confidentiality: Low
• Integrity: Moderate
• Availability: Moderate

Devices of this class must meet controls from NIST 800-53 and ISO/IEC 15408 in the following areas:

• Access Control
• Audit and Accountability
• Configuration Management
• Contingency Planning
• Identification and Authentication
• Incident Response
• Media Protection
• Privacy
• Risk Assessment
• System and Communications Protection
• System and Information Integrity
• System and Services Acquisition

In addition, organizations that develop, operate or maintain devices of this class must meet controls from NIST 800-53 and ISO/IEC 15408 the areas above and the following additional areas:

• Awareness and Training
• Maintenance
• Personnel Security
• Physical and Environmental Protection
• Planning
• Security Assessment and Authorization

For example, an Vehicle that has on-board systems receiving traveler information, such as in TI07.