Commit 4c3a16f

Add compliance links for the security analysis process requirements (#636)
Issue: #635
1 parent 9135278 commit 4c3a16f

1 file changed

Lines changed: 12 additions & 12 deletions

process/process_areas/security_analysis/guidance/security_analysis_process_reqs.rst

@@ -26,7 +26,7 @@ Security Analysis Process Requirements
2626
:status: valid
2727
:tags: done_automation, security_analysis
2828
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
29-
:complies:
29+
:complies: std_req__isosae21434__continual_8321, std_req__isosae21434__continual_8621, std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15722, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
3030

3131
Security Analysis shall be hierarchically grouped into different levels.
3232

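Review bot: The new `:complies:` list on line 29 links `assessment_15722` through `assessment_15725` but not `std_req__isosae21434__assessment_15721`, and `continual_8621` but not `continual_8622`, while the lists added at lines 73 and 103 of this file carry both. If the gaps are deliberate, a short note in the commit message would help; otherwise add the two IDs so the compliance trace for the hierarchical-grouping requirement is not under-reported.
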
@@ -46,7 +46,7 @@ Process Security Analysis Attributes
4646
:status: valid
4747
:tags: done_automation, attribute, mandatory
4848
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
49-
:complies:
49+
:complies: std_req__isosae21434__continual_8321
5050

5151
Each Security Analysis shall have a unique ID. It shall be in a format which is also human readable and consists of
5252

@@ -61,7 +61,7 @@ Process Security Analysis Attributes
6161
:status: valid
6262
:tags: manual_prio_1, attribute, mandatory
6363
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
64-
:complies:
64+
:complies: std_req__isosae21434__continual_8321
6565

6666
The title of the Security Analysis shall provide a short summary of the description
6767

@@ -70,7 +70,7 @@ Process Security Analysis Attributes
7070
:status: valid
7171
:tags: prio_1_automation, attribute, optional
7272
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
73-
:complies:
73+
:complies: std_req__isosae21434__continual_8621, std_req__isosae21434__continual_8622, std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15721, std_req__isosae21434__assessment_15722, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
7474

7575
Each threat shall have an associated treatment (accept, avoid, reduce, share) or AoU.
7676
If mitigation has not yet been implemented, do not use this option.
@@ -81,7 +81,7 @@ Process Security Analysis Attributes
8181
:status: valid
8282
:tags: prio_1_automation, attribute, optional
8383
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
84-
:complies:
84+
:complies: std_req__isosae21434__continual_8322, std_req__isosae21434__continual_8323, std_req__isosae21434__continual_8621, std_req__isosae21434__continual_8622, std_req__isosae21434__assessment_15921
8585

8686
If a new security mitigation (avoid, reduce, or share) is needed, link to the issue and keep status invalid until the mitigation is sufficient.
8787

@@ -90,7 +90,7 @@ Process Security Analysis Attributes
9090
:status: valid
9191
:tags: prio_1_automation, attribute, mandatory
9292
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
93-
:complies:
93+
:complies: std_req__isosae21434__continual_8621, std_req__isosae21434__continual_8622, std_req__isosae21434__assessment_15721, std_req__isosae21434__assessment_15722, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
9494

9595
The mitigation(s) shall be rated as sufficient with <yes> or <no>.
9696
A mitigation can only be sufficient if a mitigation is linked via the attribute mitigation.
@@ -100,7 +100,7 @@ Process Security Analysis Attributes
100100
:status: valid
101101
:tags: prio_1_automation, attribute, mandatory
102102
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
103-
:complies:
103+
:complies: std_req__isosae21434__continual_8421, std_req__isosae21434__continual_8521, std_req__isosae21434__continual_8522, std_req__isosae21434__continual_8621, std_req__isosae21434__continual_8622, std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15721, std_req__isosae21434__assessment_15722, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
104104

105105
The argument shall describe why the mitigation is sufficient or not. If it is not sufficient, the argument shall describe how the mitigation
106106
can be improved to achieve sufficiency. The argument shall be written in the content.
@@ -110,7 +110,7 @@ Process Security Analysis Attributes
110110
:status: valid
111111
:tags: prio_1_automation, attribute, mandatory
112112
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
113-
:complies:
113+
:complies: std_req__isosae21434__continual_8322, std_req__isosae21434__continual_8621, std_req__isosae21434__continual_8622, std_req__isosae21434__assessment_15921
114114

115115
Each Security Analysis shall have the status invalid until the analysis is finished.
116116
The status shall be set to valid if the analysis is finished and all issues are closed.
@@ -120,7 +120,7 @@ Process Security Analysis Attributes
120120
:status: valid
121121
:tags: prio_1_automation, attribute, mandatory
122122
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
123-
:complies:
123+
:complies: std_req__isosae21434__continual_8321, std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15721, std_req__isosae21434__assessment_15722, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
124124

125125
Every Security Analysis shall have a short description of the threat impact
126126
(e.g. threat leads to unauthorized access of the analyzed element)
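Review bot: The `:complies:` list on line 123 references `std_req__isosae21434__assessment_15822` but skips `assessment_15821`, whereas every other list in this commit that links 15822 also links 15821. Please confirm the omission is intended for the threat-impact description, or add the missing ID so the mapping stays consistent with the sibling attributes.
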
@@ -210,7 +210,7 @@ Security Analysis Checks
210210
:status: valid
211211
:tags: prio_1_automation, attribute, check
212212
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
213-
:complies:
213+
:complies: std_req__isosae21434__continual_8621,
214214

215215
It shall be checked if all mandatory attributes for each Security Analysis are
216216
provided by the user. For all Security Analysis following attributes shall be mandatory:
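Review bot: The value added on line 213, `:complies: std_req__isosae21434__continual_8621,`, ends with a trailing comma, which leaves an empty list element after the only ID. Either drop the comma or append the ID that was meant to follow it; as written, it is not clear whether a second link was lost.
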
@@ -251,7 +251,7 @@ Threat Scenario Security Process Requirements
251251
:status: valid
252252
:tags: prio_1_automation, attribute, mandatory
253253
:satisfies: wf__analyse_sec_platform_featarch, wf__analyse_sec_featarch, wf__analyse_sec_comparch
254-
:complies:
254+
:complies: std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
255255

256256
Each threat scenario used for the Security Analysis shall have a threat scenario ID.
257257
The threat scenario ID is used to identify the related threat <:need:`gd_guidl__sec_ana_threat_scenarios`>.
@@ -267,7 +267,7 @@ Threat Models Process Requirements
267267
:status: valid
268268
:tags: prio_1_automation, attribute, mandatory
269269
:satisfies: wf__analyse_sec_featarch, wf__analyse_sec_comparch
270-
:complies:
270+
:complies: std_req__isosae21434__assessment_15621, std_req__isosae21434__assessment_15622, std_req__isosae21434__assessment_15723, std_req__isosae21434__assessment_15724, std_req__isosae21434__assessment_15725, std_req__isosae21434__assessment_15821, std_req__isosae21434__assessment_15822, std_req__isosae21434__assessment_15921
271271

272272
Each threat used for Security Analysis shall have a threat ID. The threat ID is used
273273
to identify the related threat <:need:`gd_guidl__threat_models_stride`>.
