You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: process/process_areas/security_analysis/guidance/security_analysis_guideline.rst
+1-6Lines changed: 1 addition & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -93,7 +93,7 @@ The analysis is done by as described in the flowchart :ref:`platform_security_an
93
93
#. Identify the assets of the platform. The assets are the elements of the platform that have to be protected. The assets can be identified by using the trust boundary model and the platform architecture. The assets can be identified using the following questions:
94
94
95
95
- What are the critical
96
-
- functions, interfaces, components (HW and SW), data of the platform?
96
+
- features, interfaces, components (HW and SW), data of the platform?
97
97
- communication paths and interfaces of the platform?
98
98
- configurations of the platform?
99
99
- What critical information is shared between the components?
@@ -146,11 +146,6 @@ The analysis is done by as described in the flowchart :ref:`platform_security_an
146
146
If there are changes they have to be analyzed with an impact analysis
147
147
:need:`gd_temp__change_impact_analysis`. If needed the Security Analysis has to be
148
148
updated accordingly. Therefore all necessary steps have to be repeated.
149
-
.. #. If a threat scenario applies, use the template :need:`gd_temp__plat_threat_scenario`, :need:`gd_temp__feat_sec_ana_threat` or :need:`gd_temp__comp_sec_ana_threat` to perform the analysis.
150
-
.. #. The title of the analysis should be easily recognizable e.g. "Component xy unauthorized access".
151
-
.. #. Link the violated architecture with the "violates" attribute.
152
-
.. #. Replace the placeholders in the "id" attribute with the name of the feature or component and a short description of the element so that it can be easily identified.
153
-
.. #. Document the threat ID from the threat scenario :need:`gd_guidl__sec_ana_threat_scenarios` that applies to the element in the "threat_id" attribute.
Copy file name to clipboardExpand all lines: process/process_areas/security_analysis/security_analysis_concept.rst
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -135,12 +135,12 @@ As shown above in the flow diagram, the first step in the platform security anal
135
135
136
136
How to mitigate?
137
137
================
138
-
Security requirements resulting from the Platform analysis become stakeholder requirements for the features. Identified risks without a mitigation remain open and are tracked in the issue tracking
138
+
Security requirements resulting from the Platform analysis become :need:`wp__requirements_stkh` for the features. Identified risks without a mitigation remain open and are tracked in the issue tracking
139
139
system :need:`wp__issue_track_system` until they are resolved.
140
140
Resolving includes acceptance of the risk or avoidance.
141
141
Further a new security control may be needed to reduce the risk.
142
142
Finally also the risk may shared, if applicable.
143
-
Security assumptions resulting from the anlysis are documented properly.
143
+
Security assumptions resulting from the analysis are documented properly as :need:`wp__requirements_sw_platform_aou`.
0 commit comments