The purpose of the Guides is to assist automotive industry stakeholders with identifying, prioritizing, treating, and monitoring vehicle cybersecurity risks. The Guides provide forward-looking guidance without being prescriptive or restrictive. These best practices are:

• Not Required. Companies have the autonomy and ability to select and voluntarily adopt practices based on their respective risk landscapes and organizational structures.

• Aspirational. These practices are forward-looking and voluntarily implemented over time, as appropriate.

• Living. Auto-ISAC plans to periodically update this Guide to adapt to the evolving automotive cybersecurity landscape.