Framework Secure Software Controls

By Danny Onwezen | May 16, 2021


File Size 267.33 KB
File Type pdf
Create Date 16 May 2021
Last Updated 16 May 2021

The framework consists of four phases:

  1. In the context phase, the software system is described along with its desired security properties and assumptions. This is the basis for the rest of the evaluation and will be part of the public audit report.
  2. The threats phase deals with identifying possible attacks against the software system and the associated mitigating measures against these threats.
  3. In the implementation phase, the code and configuration of a software system are inspected.
  4. The verification phase looks at how the development organization verifies whether the implementation really is secure. This should not be confused with the assessment that an auditor performs on the implementation.

In each phase, developers create something that an auditor can assess. The exact developer actions and audit criteria are described within the controls.
