diff --git a/process/_assets/score_process_area_overview.drawio.svg b/process/_assets/score_process_area_overview.drawio.svg index 6713141e02..28fe4a2c65 100644 --- a/process/_assets/score_process_area_overview.drawio.svg +++ b/process/_assets/score_process_area_overview.drawio.svg @@ -1,4 +1,4 @@ -


Process Areas - Development










 
Process Areas - Development...
Introduction
Introduction


Process Areas - Management










 
Process Areas - Management...
Requirements
Enngineering





Requirements...
Safety
Management
Safety...


Change Management

Change Managem...
Documentation
Management
Documentation...
General Concepts
General Concepts
Standards
Standards
Roles
Roles

Architecture





Architectur...
Imple-mentation

(Detailed Design,
Coding)
Imple-menta...
Problem Resolution
Problem Resolu...
ML 4
ML 4
ML 2
ML 2
ML 1
ML 1


Verification






Verificatio...
Configuration
Management
Configuration...
Tool
Management
Tool...
Quality
Management
Quality...
Project
Management
Project...
Maturity Level
Maturity Level
ML 0
ML 0
Safety
Analysis




Safety...
Work Products
Work Products
Workflows
Workflows
ML 3
ML 3
Plan
Process definition planned
Documents not available 
or most empty
Plan -...
Initial
Process definition in place, but not yet compliant, consistency across S-CORE platform, modules and repeatability of processes may not be possible.
Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured
Initial -...
Managed -
Process definition in place but not yet deployed in S-CORE, but execution would allow consitency across S-CORE platform and modules, repeatability of processes possible
Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open, Process requirements enforced by implemented Tool Requirements 
Managed -...
Defined/Practiced
Deployed (at least once) in S-CORE platform or one Module, The processes have been practiced, and evidence exists to demonstrate that this has occurred. 
Document are complete, verified and released, Initial Safety Audit passed
Defined/Practiced -...
Improving - 
Deployed on S-CORE platform and various S-CORE Modules and constantly improving, using suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas.
Improving -...
Release
Management
Release...
Trustable
Trustable
Folder Templates
Folder Templates
Text is not SVG - cannot display
\ No newline at end of file +


Process Areas - Development










 
Process Areas - Development...
Introduction
Introduction


Process Areas - Management










 
Process Areas - Management...
Requirements
Enngineering





Requirements...
Safety
Management
Safety...


Change Management

Change Managem...
Documentation
Management
Documentation...
General Concepts
General Concepts
Standards
Standards
Roles
Roles

Architecture





Architectur...
Imple-mentation

(Detailed Design,
Coding)
Imple-menta...
Problem Resolution
Problem Resolu...
ML 4
ML 4
ML 2
ML 2
ML 1
ML 1


Verification






Verificatio...
Configuration
Management
Configuration...
Tool
Management
Tool...
Quality
Management
Quality...
Project
Management
Project...
Maturity Level
Maturity Level
ML 0
ML 0
Safety
Analysis




Safety...
Work Products
Work Products
Workflows
Workflows
ML 3
ML 3
Plan
Process definition planned
Documents not available 
or most empty
Plan -...
Initial
Process definition in place, but not yet compliant, consistency across S-CORE platform, modules and repeatability of processes may not be possible.
Documents are mostly available, main parts done, principles clear, all top level questions addressed, well structured.
Initial -...
Managed -
Process definition in place but not yet deployed in S-CORE, but execution would allow consitency across S-CORE platform and modules, repeatability of processes possible
Documents are complete, documented on a comprehensible systematic approach, verified, only minor questions open, Process requirements enforced by implemented Tool Requirements.
Managed -...
Defined/Practiced
Deployed (at least once) in S-CORE platform or one Module, The processes have been practiced, and evidence exists to demonstrate that this has occurred. 
Document are complete, verified and released, Initial Safety Audit passed.
Defined/Practiced -...
Improving - 
Deployed on S-CORE platform and various S-CORE Modules and constantly improving, using suitable process metrics, S-CORE commiter control the effectiveness and performance of the platform and modules and demonstrate continuous improvement in these areas.
Improving -...
Release
Management
Release...
Trustable
Trustable
Folder Templates
Folder Templates
Security
Management
Security...
Text is not SVG - cannot display
\ No newline at end of file diff --git a/process/process_areas/index.rst b/process/process_areas/index.rst index 35d058d8bc..5b3b8bb0de 100644 --- a/process/process_areas/index.rst +++ b/process/process_areas/index.rst @@ -31,5 +31,6 @@ Process Areas requirements_engineering/index.rst safety_analysis/index.rst safety_management/index.rst + security_management/index.rst tool_management/index.rst verification/index.rst diff --git a/process/process_areas/security_management/guidance/index.rst b/process/process_areas/security_management/guidance/index.rst new file mode 100644 index 0000000000..1ac3787c36 --- /dev/null +++ b/process/process_areas/security_management/guidance/index.rst @@ -0,0 +1,27 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Guidance +######## + +.. toctree:: + :maxdepth: 1 + + security_management_guideline + security_management_feature_security_wp_template + security_management_module_security_plan_template + security_management_security_manual_template + security_management_checklist_security_package + security_management_checklist_security_plan + security_management_process_reqs diff --git a/process/process_areas/security_management/guidance/security_management_checklist_security_package.rst b/process/process_areas/security_management/guidance/security_management_checklist_security_package.rst new file mode 100644 index 0000000000..d94cf72d80 --- /dev/null 
+++ b/process/process_areas/security_management/guidance/security_management_checklist_security_package.rst 
@@ -0,0 +1,65 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Package Formal Review Checklist +======================================== + +.. gd_chklst:: Security Package Formal Review Checklist + :id: gd_chklst__security_package + :status: valid + :complies: std_req__isosae21434__prj_management_6471, std_req__isosae21434__prj_management_6491, std_req__isosae21434__prj_management_6492 + +**1. Purpose** + +The purpose of this review checklist is to report status of the formal review for the security package. + +**2. Checklist** + +.. list-table:: Security Package Checklist + :header-rows: 1 + + * - Id + - Security package activity + - Compliant to ISO SAE 21434? + - Comment + + * - 1 + - Is a security package provided which matches the security plan (i.e. all planned work products referenced)? + - [YES | NO ] + - + + * - 2 + - Is the argument how security is achieved, provided in the security package, plausible and sufficient? + - NO + - The argument is intentionally not provided by the Project. + + * - 3 + - Are the referenced work products available? + - [YES | NO ] + - + + * - 4 + - Are the referenced work products in released state, including the process security audit? + - NO + - Security audit is currently not planned, tailored out. + + * - 5 + - If security related deviations from the process or security concept are documented, are these argued understandably? 
+ - [YES | NO ] + - + + * - 6 + - Are the requirements for post-development available? + - [YES | NO ] + - diff --git a/process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst b/process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst new file mode 100644 index 0000000000..4d5f7e777f --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst 
@@ -0,0 +1,108 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Plan Review Checklist +============================== + +.. gd_chklst:: Security Plan Review Checklist + :id: gd_chklst__security_plan + :status: valid + :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 + +**1. Purpose** + +The purpose of this security plan review checklist is to report status of the review for the security plan. + +**2. Checklist** + +.. 
list-table:: Security Plan Checklist + :header-rows: 1 + + * - Id + - Security plan activity + - Compliant to ISO SAE 21434? + - Comment + + * - 1 + - Is the rationale for the security work products tailoring included? + - [YES | NO ] + - + + * - 2 + - Is impact analysis planned in case of re-use of SW (needed for every release following the first formal release)? + - [YES | NO ] + - + + * - 3 + - Does the security plan define all needed activities for security management (incl. Review and Security Audit)? + - [YES | NO ] + - + + * - 4 + - Does the security plan define all needed activities for SW development, integration and verification? + - [YES | NO ] + - + + * - 5 + - Does the security plan define all needed activities for security analysis? + - [YES | NO ] + - + + * - 6 + - Does the security plan define all needed activities for supporting processes (incl. tool mgt)? + - [YES | NO ] + - + + * - 7 + - Does the security plan document a responsible for all activities? + - [YES | NO ] + - + + * - 8 + - If Off-the-shelf (e.g. existing OSS) software components is used, is it planned to be analysed? + - [YES | NO ] + - + + * - 9 + - Is a security manager and a technical/module lead appointed for the project? + - [YES | NO ] + - + + * - 10 + - Is security plan sufficiently linked to the project plan? + - [YES | NO ] + - + + * - 11 + - Is security plan updated iteratively to show the progress? + - [YES | NO ] + - + + * - 12 + - If Out-of-context software components is used, are the assumptions documented? + - [YES | NO ] + - + + * - 13 + - Does the security plan define all needed activities for SBOM generation? + - [YES | NO ] + - + + * - 14 + - Does the security plan define regular vulnerability scans for the generated SBOM? + - [YES | NO ] + - + +.. note:: + Off-the-shelf means existing software which may used w/o modification, e.g. existing OSS 
diff --git a/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst b/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst new file mode 100644 index 0000000000..e54241d008 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst @@ -0,0 +1,24 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Feature Security Work Products Template +======================================= + +.. gd_temp:: Feature Security Work Products Template + :id: gd_temp__feature_security_wp + :status: valid + :complies: + + For the content see here: (tbd https://github.com/eclipse-score/process_description/issues/109) + ref:`feature_security_wp_template` diff --git a/process/process_areas/security_management/guidance/security_management_guideline.rst b/process/process_areas/security_management/guidance/security_management_guideline.rst new file mode 100644 index 0000000000..944be801f5 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_guideline.rst 
@@ -0,0 +1,187 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _guideline_security_management: + +Security Management Guideline +============================= + +.. gd_guidl:: Security plan definitions + :id: gd_guidl__security_plan_definitions + :status: valid + :complies: std_req__isosae21434__org_management_5421, std_req__isosae21434__org_management_5422, std_req__isosae21434__org_management_5423, std_req__isosae21434__org_management_5443, std_req__isosae21434__org_management_5451, std_req__isosae21434__org_management_5461, std_req__isosae21434__continual_8321, std_req__isosae21434__continual_8322 + + **Overall security management:** + + Security culture: + + Security culture is planned to grow in the SW platform. + This shall be fostered by doing a lessons learned after each feature development completion, + using the ISO SAE 21434 Annex B, Table B.1 as a questionnaire. + This lessons learned is the main input for process improvement managed by :need:`wp__process_impr_report`. + As starting point for security culture we define a Committer selection process to already have + professionals with security experience in the teams. Additionally the SW platform's processes + are defined with experience of several companies already performing successful safe and secure + SW development. This also improves independence of reviews for the process definitions. 
+ + Quality Management: + + ASPICE standard is selected for quality management. Processes will always link to the + :ref:`standard_isosae21434` standard and to the :ref:`standard_aspice_pam4` standard. + + Competence management: + + The :need:`rl__security_manager` on SW platform level is responsible to define a competence + management for the whole platform. Expectation is that the security competence of the persons + nominated for the roles is already given and only has to be checked. The exception from this + are the committers, for these no security competence needs to be enforced. + So the module security managers shall consult the :need:`wp__platform_security_plan` and + perform accordingly in their module project. + + Communication: + + Development teams are interdisciplinary, so the regular (sprint) planning and review meetings + enable communication (as defined in :need:`wp__platform_mgmt`). Another main communication + means are the Pull Request reviews. Also the standard Eclipse Foundation communication strategies + are used (e.g. mailing lists) + + Security Weaknesses, Vulnerabilities: + + As the SW platform organization does not have own vehicles in the field, it relies on feedback + from OEMs and Distributors on bugs discovered in the field. The need for this feedback is part + of each security manual. But also during development of change requests to existing features, + bug reporting by the Open Source community or integration of existing SW components into new + features may lead to the discovery of new security weaknesses and vulnerabilities. Security + weaknesses and vulnerabilities can also be deviations from the development process with impact + on security. If these are known at the time of creation of a release they will be part of the + :need:`wp__module_security_package` or :need:`wp__platform_security_package` for the OoC. 
+ Security weaknesses and vulnerabilities relevant for already delivered releases will be + identified as such and communicated (as defined in Problem Resolution part of :need:`wp__platform_mgmt`) + via the :need:`wp__issue_track_system` (which is also Open Source). + + + **Tailoring security activities:** + + Main tailoring driver is that the SW platform is pure SW development and is provided as "(component) OoC" - + this explains mainly the generic, platform wide tailoring. + Tailoring is done for the whole SW platform by defining only the relevant work products and an + argumentation why the others are not needed in :ref:`standard_isosae21434` and :need:`wp__platform_security_plan`. + But there may be also additional tailoring for each module/component OoC development to restrict further + the work products. This is documented in every module security plan. Here the usage of already + existing components is the main tailoring driver. + + + **Planning security activities:** + + In the security plan the nomination of the security manager and the technical/module lead is documented. + The planning of security activities is done using issues in the :need:`wp__issue_track_system` + as specified in the :need:`wp__platform_mgmt`. + + It contains for each issue + + * objective - as part of the issue description + * dependencies on other activities or information - by links to the respective issues + * responsible person for the activity - as issue assignee + * required resources for the activity - by selecting a team label (or "project") pointing to a team of committers dedicated to the issue resolution + * duration in time, including start and end point - by selecting a milestone + * UID of the resulting work products - stated in the issue title + + The planning of security activities is divided into the + + * Platform OoC planning, dealing with all work products needed only once for the platform. 
This is included in :need:`wp__platform_security_plan` + * Module/Component OoC planning, dealing with all work products needed for each module development (initiated by a change request), included in :need:`wp__module_security_plan`. + + A template exists to guide this: :need:`gd_temp__module_security_plan`. + + + **Planning supporting processes:** + + Supporting processes (Requirements Management, Configuration Management, Change Management, + Documentation Management, Tool Management) are planned within the :need:`wp__platform_mgmt` + + **Planning integration and verification:** + + Integration on the target hardware is not done in the scope of the SW platform project, but SW/SW + integration up to the feature level is performed and its test results are part of the + :need:`wp__verification__platform_ver_report`. + The integration on the target hardware done by the distributor or OEM is supported by delivering + a set of HW/SW integration tests which were already run successfully on a reference HW platform. + + This is planned by the respective work products: + + * :need:`wp__verification__feat_int_test` + * :need:`wp__verification__platform_test` + + Verification planning is documented in :need:`wp__verification__plan` + + + **Scheduling of reviews, audit and assessment:** + + Scheduling is done in the same way as for all work products definition by issues. + The respective work products are :need:`wp__fdr_reports_security` and :need:`wp__audit_report_security` + + + **Planning of security analyses:** + + In cases where the components consist of sub-components there will be more than one architecture + level. Security analysis will then be done on these multiple levels. + + See the respective work products: + + * feature level: :need:`wp__feature_security_analysis` + * component level: :need:`wp__sw_component_security_analysis` + + Analyses shall be based on `STRIDE `_ model. 
+ + **Provision of the confidence in the use of software tools:** + + Tool Management planning is part of the :need:`wp__platform_mgmt`. The respective work product + to be planned as an issue of the generic security plan is the :need:`wp__tool_verification_report`, + which contains tool evaluation and if applicable qualification of the SW platform toolchain. + Components developed in C++ and Rust will have different toolchains. Both will be qualified + once for the SW platform. + + **Provision of a Software Bill of Materials (SBOM) and Vulnerability Management** + + SBOMs provide a comprehensive inventory of all components and dependencies within a software + project, thus they can be interpreted as configuration information. + `Eclipse Project Handbook: Software Bill of Material `_ + recommends to generate SBOMs and contains also information how to generate SBOMs. + SBOMs are used as sources for collection of information and as trigger for further investigations + as identifying weaknesses and vulnerabilities. + + `Eclipse Foundation Security Team `_ + provides help and advice to Eclipse projects on security issues and is the first point of + contact for handling security vulnerabilities. Nevertheless :need:`rl__contributor` and + :need:`rl__committer` are responsible for following the `Eclipse Foundation Security Policy `_. + The :need:`Security Team ` is responsible for coordinating the resolution of + vulnerabilities within the Project. + +.. gd_guidl:: Security manual generation + :id: gd_guidl__security_manual + :status: valid + :complies: std_req__isosae21434__prj_management_6491, std_req__isosae21434__prj_management_6492 + + The security manual collects several work products and adds some additional content mainly to + instruct the user of a OoC (in this project on platform and module level) to securely use it + in the context of the user's OoC and requirements for post-development. 
+ Its main content is described in :need:`wp__platform_security_manual` and :need:`wp__module_security_manual`. + A template exists to guide the definition of the security manual on platform and module level (:need:`gd_temp__security_manual`). + +.. gd_guidl:: Security package automated generation + :id: gd_guidl__security_package + :status: valid + :complies: std_req__isosae21434__prj_management_6471 + + The security package shall be generated progressively and automatically compiling the work products. diff --git a/process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst b/process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst new file mode 100644 index 0000000000..3b62aec5a9 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst 
@@ -0,0 +1,226 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Module Security Plan Template +============================= + +.. gd_temp:: Module Security Plan Template + :id: gd_temp__module_security_plan + :status: valid + :complies: + + Will be moved to Folder Templates (tbd https://github.com/eclipse-score/process_description/issues/109) + For the content see here: need:`doc__module_name_security_plan` + Will also adapted to the latest Safety Plan Template + + + + | **1. Security Management Context** + | This Security Plan adds to the :ref:`process_security_management` all the module development relevant work products needed for ISO SAE 21434 conformity. + | + | **2. Security Management Scope** + | This Security Plan's scope is a SW module of the SW platform /index.rst>. + | The module consists of one or more SW components and will be qualified as a EooC. + | + | **3. Security Management Roles** + + +---------------------------+--------------------------------------------------------------+ + | Security Manager | | + +---------------------------+--------------------------------------------------------------+ + | Project Manager | | + +---------------------------+--------------------------------------------------------------+ + + | **4. Tailoring** + | Additional to the tailoring in the SW platform project as defined in the :ref:`process_security_management` we define here the additional tailoring on module level. 
+ | + | - Excluded for this module are additionally the following work products (and their related requirements): + | - : - + | + | **5. Security Module Work Products** + | One set of workproducts for the module and one set for each component of the module: + +.. list-table:: Module Work Products + :header-rows: 1 + + * - Work Product Id + - Link to process + - Process status + - Link to issue + - Link to WP + - WP status + + * - :need:`wp__module_security_plan` + - :ref:`guideline_security_management` + - + - + - this document + - see above + + * - :need:`wp__module_security_package` + - :ref:`guideline_security_management` + - + - + - + - + + * - :need:`wp__fdr_reports` (module Security Plan) + - :need:`gd_chklst__security_plan` + - + - + - + - + + * - :need:`wp__fdr_reports` (module Security Package) + - :need:`gd_chklst__security_package` + - + - + - + - + + * - :need:`wp__fdr_reports` (module's Security Analyses) + - Security Analysis FDR tbd + - + - + - + - + + * - :need:`wp__audit_report_security` + - performed by external experts + - n/a + - + - + - + + * - :need:`wp__module_sw_build_config` + - `REPLACE_sw_development` + - + - + - + - + + * - :need:`wp__module_security_manual` + - :need:`gd_temp__security_manual` + - + - + - + - + + * - :need:`wp__verification__module_ver_report` + - :ref:`process_verification` + - + - + - + - + + * - :need:`wp__module_sw_release_note` + - :ref:`release_management` + - + - + - + - + + * - :need:`wp__sw_module_sbom` + - :ref:`security_management` + - not started + - + - + - + + +.. 
list-table:: Component Work Products + :header-rows: 1 + + * - Work Product Id + - Link to process + - Process status + - Link to issue + - Link to WP + - WP status + + * - :need:`wp__requirements__comp` + - + - + - + - + - + + * - :need:`wp__requirements__comp_aou` + - + - + - + - + - + + * - :need:`wp__hsi` + - + - + - + - + - + + * - :need:`wp__requirements__inspect` + - + - + - n/a + - Checklist used in Pull Request Review + - n/a + + * - :need:`wp__component_arch` + - + - + - + - + - + + * - :need:`wp__sw_component_security_analysis` + - + - + - + - + - + + * - :need:`wp__sw_arch_verification` + - + - + - + - + - + + * - :need:`wp__sw_implementation` + - + - + - + - + - + + * - :need:`wp__verification__sw_unit_test` + - + - + - + - + - + + * - :need:`wp__sw_implementation_inspection` + - + - + - + - + - + + * - :need:`wp__verification__comp_int_test` + - + - + - + - + - diff --git a/process/process_areas/security_management/guidance/security_management_process_reqs.rst b/process/process_areas/security_management/guidance/security_management_process_reqs.rst new file mode 100644 index 0000000000..5384615651 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_process_reqs.rst 
@@ -0,0 +1,40 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Security Management Process Requirements +======================================== + +.. gd_req:: Security Management attribute: status derivation + :id: gd_req__security_doc_status + :status: valid + :tags: attribute, mandatory + :satisfies: + :complies: + + Security plans shall contain documents references where the status is derived automatically. + + Note: This can be done by defining the document as a sphinx-need and using sphinx mechanisms. + +.. gd_req:: Security Management attribute: status accumulation + :id: gd_req__security_wp_status + :status: valid + :tags: attribute, mandatory + :satisfies: + :complies: + + Security plans shall contain work product references where the accumulated status is derived automatically. + + Note: This can be done as for documents if the work product is a single sphinx-need. + For work products collections (e.g. all requirements of a component) an accumulated status is needed (e.g. like "% valid state") diff --git a/process/process_areas/security_management/guidance/security_management_security_manual_template.rst b/process/process_areas/security_management/guidance/security_management_security_manual_template.rst new file mode 100644 index 0000000000..2d447a5acd --- /dev/null +++ b/process/process_areas/security_management/guidance/security_management_security_manual_template.rst 
@@ -0,0 +1,91 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Manual Template +========================= + +.. gd_temp:: Security Manual Template + :id: gd_temp__security_manual + :status: valid + :complies: + + Will be moved to Folder Templates (tbd https://github.com/eclipse-score/process_description/issues/109) + For the content see here: need:`doc__module_name_security_manual` + Will also adapted to the latest Safety ManualTemplate + + +Introduction/Scope +------------------ +| + +Assumed Platform Security Requirements +-------------------------------------- +| For the the following security related stakeholder requirements are assumed to define the top level functionality (purpose) of the . I.e. from these all the feature and component requirements implemented are derived. +| + +Assumptions of Use +------------------ + +Assumptions on the Environment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +| Generally the assumption of the Project platform OoC is that it is integrated in a secure system, i.e. the POSIX OS it runs on is qualified and also the HW related failures are taken into account by the system integrator, if not otherwise stated in the module's security concept. +| + +List of AoUs expected from the environment the platform / module runs on: + +.. 
needtable:: + :style: table + :columns: title;id;status + :colwidths: 25,25,25 + :sort: title + + results = [] + + for need in needs.filter_types(["aou_req"]): + if need and "environment" in need["tags"]: + results.append(need) + +Assumptions on the User +^^^^^^^^^^^^^^^^^^^^^^^ +| As there is no assumption on which specific OS and HW is used, the integration testing of the stakeholder and feature requirements is expected to be performed by the user of the platform EooC. Tests covering all stakeholder and feature requirements performed on a reference platform (tbd link to reference platform specification), reviewed and passed are included in the platform EooC security package. +| Additionally the components of the platform may have additional specific assumptions how they are used. These are part of every module documentation: . Assumptions from components to their users can be fulfilled in two ways: +| 1. There are assumption which need to be fulfilled by all SW components, e.g. "every user of an IPC mechanism needs to make sure that he provides correct data (e.g. including appropriate security (access) control)" - in this case the AoU is marked as "platform". +| 2. There are assumption which can be fulfilled by a security control realized by some other Project platform component and are therefore not relevant for an user who uses the whole platform. But those are relevant if you chose to use the module EooC stand-alone - in this case the AoU is marked as "module". An example would be the "JSON read" which requires "The user shall provide a string as input which is not corrupted due to HW or QM SW errors." - which is covered when using together with safe S-CORE platform persistency feature. + +List of AoUs on the user of the platform features or the module of this security manual: + +.. 
needtable:: + :style: table + :columns: title;id;status + :colwidths: 25,25,25 + :sort: title + + results = [] + + for need in needs.filter_types(["aou_req"]): + if need and "environment" not in need["tags"]: + results.append(need) + +Security concept of the OoC +---------------------------- +| + +Security Weaknesses, Vulnerabilities +------------------------------------ +| Weaknesses, Vulnerabilities (bugs in security relevant SW, detected by testing or by users, which could not be fixed) known before release are documented in the platform/module release notes . + +References +---------- +| +| diff --git a/process/process_areas/security_management/index.rst b/process/process_areas/security_management/index.rst new file mode 100644 index 0000000000..399726df3d --- /dev/null +++ b/process/process_areas/security_management/index.rst @@ -0,0 +1,29 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _security_management: + +Security Management +################### + +.. toctree:: + :maxdepth: 1 + + + security_management_getstrt + security_management_concept + guidance/index + security_management_roles + security_management_workflow + security_management_workproducts diff --git a/process/process_areas/security_management/security_management_concept.rst b/process/process_areas/security_management/security_management_concept.rst new file mode 100644 index 0000000000..b677839eb7 --- /dev/null 
+++ b/process/process_areas/security_management/security_management_concept.rst 
@@ -0,0 +1,124 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _process_security_management: + +Concept Description +################### + +.. doc_concept:: Concept Description + :id: doc_concept__security_management_process + :status: valid + :tags: security_management + +In this section a concept for the Security Management will be discussed. Inputs for this concepts +are mainly the requirements of ISO SAE 21434 Clause 5, 6 and 8. + +The term security is used here synonymously for the term cybersecurity as defined in ISO SAE 21434. + + +Inputs +****** + +#. Stakeholders for the Security Management work products? +#. Who needs which information? +#. Which security plans do we have? +#. Which other work products of security management are important? +#. What tooling do we need? + + +Stakeholders for the Security Management +**************************************** + +#. :need:`Technical Lead ` + + * approving security audit + +#. :need:`Technical Lead `, :need:`Module Lead ` + + * planning of development for platform/nodule projects + * status reporting of security activities + * approving security plan, security package + +#. :need:`Security Manager ` + + * is the main responsible for the security management work products (as in :doc:`security_management_workproducts`). + See also role definition in :doc:`security_management_roles`. + +#. 
:need:`Committer ` + + * creates and maintains SBOM + * reports weaknesses and vulnerabilities + +#. :need:`Committer ` + + * reports weaknesses and vulnerabilities + +#. :need:`External Auditor ` + + * understand activities planning, processes definition and execution (needs review, if we consider that) + +#. "Distributor" (external role) + + * use the platform in a safe and secure way + * integrate the platform in their product (distribution) and security package + * plan this integration (also in time) + * qualify the SW platform as part of his product + +#. :need:`Safety Manager ` + + * Supports activities + +#. :need:`Infrastructure/Tooling community `, :need:`Process community `, :need:`Process community ` + + * Supports the creation and maintenance of the SBOM + +#. :need:`Quality Manager ` + + * Supports training activities + + +Standard Requirements +===================== + +Also requirements of standards need to be taken into consideration: + +* ISO 26262 +* ASPICE +* ISO SAE 21434 + +Security Management Plans +************************* + +This SW platform project defines two levels of planning: platform and module. There will be one security plan on platform level and several security plans on module level (one for each module). +This is how we organize our development teams and repositories. Each of these security plan "creates" one component OoC. +The :need:`wp__platform_security_plan` exists only once and is part of the :need:`wp__platform_mgmt` of the development project. 
+ +Security Management Work Products +********************************* + +Apart from the security plans the main work products of security management are (see also the link to workflows below): + +* :need:`Security Manual ` - the security manual defines the requirements for safe and secure usage or integration of the SW platform (or its individual modules) +* :need:`Reviews ` - on security plan, security package and security analyses, according to ISO SAE 21434 requirements +* :need:`Security Package ` - the security package does not contain the security argumentation. By this the development project ensures it does not take over liability for the SW platform (or its individual modules). But it enables the distributors to integrate the SW platform (or its individual modules) in their security package. + +Security Management Tooling +*************************** + +For the security planning and security manual, "re-structured text" will be used for referencing. + +For the activities planning and monitoring (who, when) we use :need:`wp__issue_track_system`. + +For the reporting (e.g. displaying the status of the work products) additional tooling is created (see :doc:`guidance/security_management_process_reqs`). diff --git a/process/process_areas/security_management/security_management_getstrt.rst b/process/process_areas/security_management/security_management_getstrt.rst new file mode 100644 index 0000000000..f525d2b632 --- /dev/null +++ b/process/process_areas/security_management/security_management_getstrt.rst 
@@ -0,0 +1,30 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Getting Started +############### + +.. doc_getstrt:: Getting Started on Change Management + :id: doc_getstrt__security_management_process + :status: valid + :tags: security_management + +In case you are appointed as a :need:`Security Manager ` by the +:need:`rl__project_lead` in the development project: + +* Contact the :need:`Technical Lead ` (TL) for your Component OoC (Out-of-Context) to establish planning and reporting +* Create your security plan according to :need:`wf__cr_mt_security_plan` +* Make familiar with your role description and the other workflows of security management (see :doc:`security_management_roles` or :doc:`security_management_workflow`) +* Make familiar with the concept :need:`doc_concept__security_management_process` and the :need:`wp__platform_security_plan` +* Make familiar with the development and supporting process descriptions in :ref:`process_description`, especially with the :need:`wp__platform_mgmt` diff --git a/process/process_areas/security_management/security_management_roles.rst b/process/process_areas/security_management/security_management_roles.rst new file mode 100644 index 0000000000..119aee36e1 --- /dev/null +++ b/process/process_areas/security_management/security_management_roles.rst 
@@ -0,0 +1,70 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Roles +##### + + +.. role:: Security Manager + :id: rl__security_manager + :status: draft + :tags: security_management + :contains: rl__committer + + The Security Manager is responsible for making sure that ISO SAE 21434 is complied + to in the project. The Security Manager shall lead and monitor the security relevant + activities of the project. + + Required skills + + * Degree: Master's degree in electrical engineering/computer science/mathematics, or similar degree, or comparable work experience + * Solid understanding of security management + * Knowledge in project management + * Deep understanding of quality criteria and the correlating methods and procedures to achieve and verify them + * Technical know-how of embedded systems + * Preferred training: (Automotive) Cybersecurity Specialist (CySec) or similar + + Knowledge of standards + + * ISO SAE 21434 + + Experience + + * 2 years of experience in the management of security topics + * Experience in managing projects + * Experience in managing security weaknesses, vulnerabilities + + Responsibility + + * Creates and maintains the Security Plan + * Creates and monitors the completeness of the security package + * Creates and maintains the Security Manual + * Supports creation and maintaining of the SBOM + * Verifies, that the preconditions for the "release for production", which are part of the release notes, 
are fulfilled, and the correctness, completeness and consistency of the release notes + * Supports reporting of security related project status + * Reports security weaknesses, vulnerabilities + * Coaches the project team w.r.t all questions related to security + * Plans and approves the security audit (to be discussed, currently not in scope) + * Plans and approves the formal security reviews + * Approval of security analyses + * Creates and maintains the security manuals on platform and module level + * Checks that every person in his team has sufficient security skills for their role + + Authority + + * Escalation of planning topics to the project manager defined in the security plan + * Initiate the publication of a security weakness, vulnerability + * Recommend the Release of a SW platform or a module + * Refusing the approval of work products as defined in the workflows + * Refusing the approval of his team's role nomination (i.e. requesting that the role will be withdrawn) diff --git a/process/process_areas/security_management/security_management_workflow.rst b/process/process_areas/security_management/security_management_workflow.rst new file mode 100644 index 0000000000..7e06c0e133 --- /dev/null +++ b/process/process_areas/security_management/security_management_workflow.rst 
@@ -0,0 +1,159 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Workflow Security Management +############################ + +.. workflow:: Create/Maintain Security Plan + :id: wf__cr_mt_security_plan + :status: valid + :responsible: rl__security_manager + :approved_by: rl__technical_lead, rl__module_lead + :supported_by: rl__safety_manager + :input: wp__platform_mgmt, wp__issue_track_system, wp__tailoring + :output: wp__module_security_plan, wp__platform_security_plan + :contains: gd_guidl__security_plan_definitions, gd_temp__feature_security_wp, gd_temp__module_security_plan + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The Security Manager is responsible for the planning and coordination of the security activities for the platform/module. + | The Security Manager creates and maintains the security plan. + | For this a template exists to guide the creator of the security plan. + +.. 
workflow:: Create/Maintain Security Package + :id: wf__cr_mt_security_package + :status: valid + :responsible: rl__security_manager + :approved_by: rl__technical_lead, rl__module_lead + :supported_by: rl__safety_manager + :input: wp__module_security_plan, wp__platform_security_plan, wp__issue_track_system + :output: wp__module_security_package, wp__platform_security_package + :contains: gd_guidl__security_package, gd_temp__feature_security_wp, gd_temp__module_security_plan, gd_guidl__security_plan_definitions + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The Security Manager is NOT responsible to provide the argument for the achievement of security. + | But the Security Manager creates and maintains the security package in the sense of a collection of security related work products. + | The generation and the maintenance of this draft security package shall be automated as much as possible. + | It does not contain the final argumentation of the security of the product. + | As the security package is only a collection of work products, the security plan (template) can be used for documentation. + +.. workflow:: Perform Security Audit + :id: wf__p_fs_audit_security + :status: valid + :responsible: rl__external_auditor + :approved_by: rl__security_manager, rl__project_lead + :supported_by: rl__safety_manager + :input: wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package + :output: wp__audit_report_security + :contains: gd_guidl__security_plan_definitions + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The external auditor is responsible to perform a security audit. + | The Security Manager and the process community shall support the external auditor during this. + | The Project Manager and and the Security Manager shall approve the audit report. + | + | This is currently tailored out (needs discussion). + +.. 
workflow:: Perform Formal Security Reviews + :id: wf__p_formal_security_rv + :status: valid + :responsible: rl__external_auditor + :approved_by: rl__security_manager + :supported_by: rl__safety_manager + :input: wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package + :output: wp__fdr_reports_security + :contains: gd_guidl__security_plan_definitions, gd_chklst__security_plan, gd_chklst__security_package + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The external auditor is responsible to perform the formal reviews on Security plan and Security Analysis. + | The Security Manager shall support the external auditor during the reviews. + | The Project Lead and and the Security Manager shall approve the formal reviews. + | Therefore a checklists exist to guide the creator of the relevant security documents. + | + | This is currently tailored out (needs discussion). + +.. workflow:: Create/Maintain Security Manual + :id: wf__cr_mt_security_manual + :status: valid + :responsible: rl__security_manager + :approved_by: rl__technical_lead, rl__module_lead + :supported_by: rl__safety_manager + :input: wp__requirements__feat_aou, wp__requirements__feat, wp__feature_arch, wp__feature_safety_analysis, wp__feature_dfa, wp__requirements__comp_aou, wp__requirements__comp, wp__component_arch, wp__sw_component_safety_analysis, wp__sw_component_dfa + :output: wp__platform_security_manual, wp__module_security_manual + :contains: gd_guidl__security_manual, gd_temp__security_manual, gd_guidl__security_plan_definitions + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The Security Manager collects the necessary input for the security manuals on platform and module level and documents it. + | He makes sure all items are in valid state for a release of the security manual. + | Also for the security manual a template exists as a guidance. 
+ +.. workflow:: Create/Maintain SBOM + :id: wf__cr_mt_security_sbom + :status: valid + :responsible: rl__committer + :approved_by: rl__security_manager, rl__technical_lead, rl__module_lead + :supported_by: rl__infrastructure_tooling_community, rl__process_community, rl__security_team, rl__contributor + :input: wp__issue_track_system, wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package + :output: wp__sw_platform_sbom, wp__sw_module_sbom + :contains: gd_guidl__security_plan_definitions + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The Committer is responsible to create and the maintain the SBOM for the platform/module. + | The Committer makes sure all components and dependencies are identified and made available. + +.. workflow:: Monitor/Verify Security + :id: wf__mr_vy_security + :status: valid + :responsible: rl__security_manager + :approved_by: rl__technical_lead, rl__module_lead + :supported_by: rl__security_team + :input: wp__issue_track_system, wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package, wp__audit_report, wp__fdr_reports, wp__sw_platform_sbom, wp__sw_module_sbom + :output: wp__issue_track_system, wp__module_sw_release_note, wp__platform_sw_release_note + :contains: gd_guidl__security_plan_definitions + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The Security Manager is responsible for the monitoring of the security activities against the security plan. + | The Security Manager is responsible to verify, that the preconditions for the "release for production", which are part of the release notes, are fulfilled. + | The Security Manager is responsible to verify the correctness, completeness and consistency of the release notes. 
+ | The Security Manager is responsible for the monitoring of security information as defined in the security plan. + | The Security Manager is responsible to identify weaknesses and vulnerabilities based on received information, and to analyse and manage the vulnerabilities until closure. + | Beside reporting vulnerabilities in the :need:`wp__issue_track_system`, also `Eclipse general vulnerability tracker `_ may be used. + +.. workflow:: Consult and Execute Security Trainings + :id: wf__consult_exe_sec_training + :status: valid + :responsible: rl__security_manager + :approved_by: rl__technical_lead, rl__module_lead + :supported_by: rl__safety_manager, rl__quality_manager + :input: wp__module_security_plan, wp__platform_security_plan, wp__policies, wp__process_definition + :output: wp__training_path + :contains: gd_temp__module_security_plan + :has: doc_concept__security_management_process, doc_getstrt__security_management_process + + | The security manager :need:`rl__security_manager` consults all project/platform stakeholder as defined in :need:`doc_concept__security_management_process` for security topics and executes regularly security trainings. + + +.. needextend:: "process_areas/security_management" in docname + :+tags: security_management + +RAS(IC) for Security Management: +******************************** + +.. needtable:: RASIC Overview for Security Management + :tags: security_management + :filter: "security_management" in tags and type == "workflow" and is_external == False + :style: table + :sort: status + :columns: id as "Activity";responsible as "Responsible";approved_by as "Approver";supported_by as "Supporter" + :colwidths: 30,30,30,30 diff --git a/process/process_areas/security_management/security_management_workproducts.rst b/process/process_areas/security_management/security_management_workproducts.rst new file mode 100644 index 0000000000..7a7dd9ecc5 --- /dev/null 
+++ b/process/process_areas/security_management/security_management_workproducts.rst 
@@ -0,0 +1,146 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Work Products Security Management +################################# + +.. workproduct:: Platform Security Plan + :id: wp__platform_security_plan + :status: valid + :complies: std_wp__isosae21434__prj_management_651, std_wp__isosae21434__maintenance_13331, std_wp__isosae21434__continual_8331, std_wp__isosae21434__continual_8332 + + Plan to manage and guide the execution of the security activities of a project including dates, milestones, tasks, deliverables, responsibilities (including the Security Manager appointment) and resources. + + This platform security plan also takes into account the eclipse organization's rules relevant for security development. + + Guidelines on how an change impact analysis shall be concluded on each item or element involved together with it's connected items or elements. + + This is on following level: + + * Project/Platform (contains definitions how security planning is performed generally in the project) + +.. workproduct:: Module Security Plan + :id: wp__module_security_plan + :status: valid + :complies: std_wp__isosae21434__prj_management_651 + + Plan to manage and guide the execution of the security activities of a project including dates, milestones, tasks, deliverables, responsibilities (including the Security Manager appointment) and resources. 
+ + Guidelines on how an impact analysis shall be concluded on each item or element involved together with it's connected items or elements. + + This is on following level: + + * Module (contains activities planning based on a Change Request) + +.. workproduct:: Platform Security Package + :id: wp__platform_security_package + :status: valid + :complies: std_wp__isosae21434__prj_management_652 + + Compiled Security Relevant Work Products. For Platform OoC. + + Note that the platform security package does not contain an argument that the platform is safe and secure. + +.. workproduct:: Module Security Package + :id: wp__module_security_package + :status: valid + :complies: + + Compiled Security Relevant Work Products. For Module OoC. + + Note that the module security package does not contain an argument that the module is safe and secure. + +.. workproduct:: Formal Document Review Reports + :id: wp__fdr_reports_security + :status: valid + :complies: std_wp__isosae21434__prj_management_654 + + Review that a work product provides sufficient and convincing evidence of their contribution to the achievement of security considering the corresponding objectives and requirements of ISO SAE 21434. + + Will contain formal review report for Security Plan, Security Package, Security Analyses. + +.. workproduct:: Process Security Audit Report + :id: wp__audit_report_security + :status: valid + :complies: std_wp__isosae21434__org_management_555 + + Examination of an implemented process with regard to the process objectives and that those match the ISO SAE 21434. + (Currently tailored out, needs discussion) + +.. workproduct:: Platform Security Manual + :id: wp__platform_security_manual + :status: valid + :complies: std_wp__isosae21434__prj_management_654 + + The security manual describes: + + * the Assumed Platform Requirements (Security related, including for post-development); + * the security concept of the OoC (i.e. 
which attack paths are taken care of); + * the Assumptions of Use (of the features); + * a link to the user manual; + * the reactions of the implemented functions under threatened operating conditions; and + * a description of known vulnerabilities with corresponding workaround measures. + + This is on platform level. Only one manual for the entire platform. + +.. workproduct:: Module Security Manual + :id: wp__module_security_manual + :status: valid + :complies: std_wp__isosae21434__prj_management_654 + + The security manual describes: + + * the Assumed Platform Requirements (Security related, including for post-development); + * the security concept of the OoC (i.e. which attack paths are taken care of); + * the Assumptions of Use (of the modules's components); + * a link to the user manual; + * the reactions of the implemented functions under threatened operating conditions; and + * a description of known vulnerabilities with corresponding workaround measures. + + This is on module level. One manual per each module. + +.. workproduct:: Feature Security Analysis + :id: wp__feature_security_analysis + :status: draft + :complies: std_wp__isosae21434__development_1055, std_wp__isosae21434__assessment_15631, std_wp__isosae21434__assessment_15731, std_wp__isosae21434__assessment_15831, std_wp__isosae21434__assessment_15931 + + Bottom-Up Security Analysis with e.g. FMEA method, verifies the feature architecture (as part of SW Security Concept) + - Detection and prevention mitigations linked to Software Feature Requirements or Assumptions of Use + +.. workproduct:: Component Security Analysis + :id: wp__sw_component_security_analysis + :status: draft + :complies: std_wp__isosae21434__development_1055, std_wp__isosae21434__assessment_15631, std_wp__isosae21434__assessment_15731, std_wp__isosae21434__assessment_15831, std_wp__isosae21434__assessment_15931 + + Bottom-Up Security Analysis with e.g. 
FMEA method, verifies the component architecture (as part of SW Security Concept) + - Detection and prevention mitigations linked to Software Component Requirements or Assumptions of Use + +.. workproduct:: Platform Software Bill of Material (SBOM) + :id: wp__sw_platform_sbom + :status: draft + :complies: + + Platform Software Bill of Material + - comprehensive inventory of software components to ensure security, integrity, and compliance. + +.. workproduct:: Module Software Bill of Material (SBOM) + :id: wp__sw_module_sbom + :status: draft + :complies: + + Module Software Bill of Material + - comprehensive inventory of software components to ensure security, integrity, and compliance. + +.. needextend:: docname is not None and "process_areas/security_management" in docname + :+tags: security_management diff --git a/process/roles/index.rst b/process/roles/index.rst index df309c5296..baea838784 100644 --- a/process/roles/index.rst +++ b/process/roles/index.rst @@ -48,14 +48,6 @@ S-CORE Management Roles * Election and replacement of all role's personnel * Decide on addition/removal of modules repositories or split-off of projects -.. role:: Security Manager - :id: rl__security_manager - :status: draft - :tags: quality_management - :contains: rl__committer - - The security managers shall be responsible for the planning and coordination of the security activities. - S-CORE process roles -------------------- 
@@ -110,6 +102,14 @@ S-CORE development roles independence argumentation when involved in the development of unit testing on safety critical units. In this way the testing community takes a supportive role for unit testing +.. role:: S-CORE Security Team + :id: rl__security_team + :status: valid + :tags: verification + :contains: rl__committer + + (Eclipse) Open Source Role, person(s) who is(are) responsible for coordinating the resolution of Vulnerabilities within the Project. + By default, the S-CORE Security Team includes all Committers. However, the Project may choose a different arrangement and establish specific criteria for team nominations. S-CORE cross functional teams ----------------------------- diff --git a/process/standards/aspice_40/aspice.rst b/process/standards/aspice_40/aspice.rst index c98d181112..7716536ec1 100644 --- a/process/standards/aspice_40/aspice.rst +++ b/process/standards/aspice_40/aspice.rst @@ -12,6 +12,8 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* +.. _standard_aspice_pam4: + ASPICE 4.0 ==========
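Review bot: the new "Component Work Products" list-table (first hunk) leaves every "Link to process", "Process status", "Link to issue", "Link to WP" and "WP status" cell empty except in the `wp__requirements__inspect` row; if the table is meant as a per-component template, say so in a sentence above it, otherwise rows such as `wp__sw_component_security_analysis` need their process links filled in before this is merged. The table also lists `wp__hsi` among component work products; confirm that this work product belongs at component level rather than platform level.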
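Review bot: both `gd_req` directives in `guidance/security_management_process_reqs.rst` carry empty `:satisfies:` and `:complies:` options; sphinx-needs treats an empty link option as no link, so either fill them with the standard ids used elsewhere in the patch (the `std_wp__isosae21434__…` ids in `security_management_workproducts.rst`) or drop the options so that missing traceability is not hidden behind a field that looks populated. Minor wording in the same hunk: "documents references" should read "document references" and "work products collections" should read "work product collections".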
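Review bot: in `guidance/security_management_security_manual_template.rst` the cross-reference inside the `gd_temp` body is written as `need:`doc__module_name_security_manual`` without the leading colon, so it renders as literal text instead of resolving; it should be `:need:`doc__module_name_security_manual``. The two needtable blocks split AoUs with filter code on the `environment` tag (`if need and "environment" in need["tags"]` versus `not in`), which means an AoU that carries no tag at all silently lands in the user table; the guidance should state that every `aou_req` must be tagged. The template still carries safety wording that does not fit a security manual: the Assumptions on the User section cites "HW or QM SW errors" covered "when using together with safe S-CORE platform persistency feature", and the environment section uses "Project platform OoC" while the user section uses "platform EooC"; pick one term. Grammar: "For the the following", "Will also adapted", "There are assumption which" (twice), "an user".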
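Review bot: in `security_management_concept.rst` the stakeholder list names the Committer twice (item "creates and maintains SBOM / reports weaknesses and vulnerabilities" followed by a second Committer item that only "reports weaknesses and vulnerabilities"), and the tooling item names the Process community twice; since `wf__cr_mt_security_sbom` lists `rl__contributor` as a supporter, one of the duplicates is probably meant to be the Contributor. The "Standard Requirements" heading is underlined with `=` while every other section in the file uses `*`, which nests it under "Stakeholders for the Security Management" instead of making it a sibling section. The parenthetical "(needs review, if we consider that)" on the External Auditor item reads like a leftover TODO. Typos: "this concepts", "platform/nodule projects", "Each of these security plan", "re-structured text" (reStructuredText).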
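Review bot: the `doc_getstrt` directive title in `security_management_getstrt.rst` reads "Getting Started on Change Management" while the file and its id `doc_getstrt__security_management_process` are about security management; this is a copy-paste leftover. "Make familiar with" (three bullets) should read "Familiarize yourself with".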
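Review bot: in `security_management_roles.rst` the moved `rl__security_manager` role keeps `:status: draft` while every workflow that names it as responsible is `:status: valid`; confirm that is intended, otherwise the RASIC needtable will show valid activities owned by a draft role. The responsibility "Plans and approves the security audit (to be discussed, currently not in scope)" repeats the tailoring note that already sits on `wf__p_fs_audit_security`; keep it in one place. Wording: "complied to" should be "complied with", and "his team" should be neutral.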
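Review bot: in `security_management_workflow.rst` the `:input:` of `wf__mr_vy_security` lists `wp__audit_report, wp__fdr_reports`, but the audit and review workflows in the same file output `wp__audit_report_security` and `wp__fdr_reports_security` (the ids defined in `security_management_workproducts.rst`), so as written the monitoring workflow consumes the safety reports rather than the security ones. Likewise `wf__cr_mt_security_manual` takes `wp__feature_safety_analysis`, `wp__feature_dfa`, `wp__sw_component_safety_analysis` and `wp__sw_component_dfa` as input although this patch introduces `wp__feature_security_analysis` and `wp__sw_component_security_analysis`, which are the analyses a security manual should draw on. The `:contains:` options reference `gd_guidl__security_plan_definitions`, `gd_temp__feature_security_wp`, `gd_temp__module_security_plan`, `gd_guidl__security_package`, `gd_chklst__security_plan`, `gd_chklst__security_package` and `gd_guidl__security_manual`, none of which is defined in the files added here; sphinx-needs will report unknown targets unless they exist elsewhere. The closing `needextend` filters on `"process_areas/security_management" in docname` without the `docname is not None` guard the workproducts file uses. Wording: "The Project Manager and and the Security Manager" (the approver is `rl__project_lead`, called Project Lead in the next workflow), "The Project Lead and and", "a checklists exist", "create and the maintain the SBOM", "all project/platform stakeholder ... executes regularly security trainings".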
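Review bot: in `security_management_workproducts.rst` the `:complies:` of `wp__platform_security_manual` and `wp__module_security_manual` is `std_wp__isosae21434__prj_management_654`, the same standard work product the Formal Document Review Reports comply with; a security manual and a review report are unlikely to map to one work product of the standard, so one of the mappings looks wrong. `wp__module_security_package` has an empty `:complies:` while `wp__platform_security_package` maps to `std_wp__isosae21434__prj_management_652`, and both SBOM work products also have empty `:complies:`. Both security analyses are described as "Bottom-Up Security Analysis with e.g. FMEA method" while their `:complies:` ids point at ISO SAE 21434 Clause 15 work products (`assessment_15631` to `assessment_15931`), which is the threat analysis and risk assessment clause; name the security method the project actually intends. The security package notes still say the package does not argue that the platform/module is "safe and secure"; only "secure" belongs here. Typos: "how an change impact analysis", "it's connected items" (its), "This is on following level", "modules's components".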
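Review bot: the new `rl__security_team` role in `process/roles/index.rst` is tagged `verification`, which looks inherited from the neighbouring testing-community entry; the role is referenced only by the security management workflows (`wf__cr_mt_security_sbom`, `wf__mr_vy_security`), so `security_management` is the tag the other security roles and the RASIC needtable key on. The removal of `rl__security_manager` from this file is fine since the role is re-added in `security_management_roles.rst`, but note its tag changes from `quality_management` to `security_management` and its description changes; check that no existing needtable filtered on `quality_management` expected to list it.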