Security Architecture and Design - system security requirements
Security Architecture and Design
Defining System Security Requirements
Regardless of which framework is used to define the system context and system requirements, the ISSEP should have a complete understanding of what is required from the system to meet the customer's missions. For ISSEPs to define the system security requirements, they need to understand what will be inside the network, what will be outside the network, and any relationships and interfaces to other systems.
The system security context, system security requirements, and the preliminary security CONOPS are coordinated with the ISSEP, SE, the customer, and the owners of external systems. To begin, we look at how to define the system security context.
Define the System Security Context
When defining the system security context, the ISSEP determines system boundaries and interfaces with other systems and allocates security functions to target or external systems. This process is similar to how the SE defines the system context. The ISSEP also defines data flows between the target and any external systems and identifies the protection needs associated with those flows. Information management needs and information protection needs are allocated to the target system and to external systems.
If there are external network connections or interfaces for the enclave, they need to be documented, along with any specific functions that those connections will require. For example, if the system context document from the SE identifies and documents data flows between the target and external systems, the ISSEP must document in the system security context any information protection needs associated with those flows. Typically, the ISSEP works alongside the SE while the system context information is being defined, to gain a clear understanding of the information flow.
As an example, an application's security context establishes the setting in which authentication and authorization decisions are made. The ISSEP would require the developer to create a security context for the application development effort, defining the users, groups, and rules that apply to the developers working on the project.
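As an added illustration (not part of the original text), the following Python model captures the pieces the security context is said to contain: the target boundary, the data flows that touch it, and the protection needs allocated to a responsible system. The classifier separates internal, inbound, outbound and external flows, and the findings check reports any boundary-crossing flow whose protection needs are missing or unallocated. All system and flow names are constructed for the example.

```python
"""Model of a system security context: target boundary, data flows,
and allocation of protection needs.  Added example; all names below
are constructed and do not describe any real system."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Flow:
    """One data flow between two systems and the protection it needs."""
    name: str
    source: str
    dest: str
    protection_needs: FrozenSet[str] = frozenset()   # e.g. {"confidentiality"}
    allocated_to: Optional[str] = None              # system that must enforce them


@dataclass
class SecurityContext:
    """The target boundary plus every documented flow."""
    target_systems: FrozenSet[str]
    flows: List[Flow]

    def classify(self, flow: Flow) -> str:
        """internal / inbound / outbound / external relative to the boundary."""
        src_in = flow.source in self.target_systems
        dst_in = flow.dest in self.target_systems
        if src_in and dst_in:
            return "internal"
        if src_in:
            return "outbound"
        if dst_in:
            return "inbound"
        return "external"

    def external_interfaces(self) -> FrozenSet[str]:
        """External systems the target actually exchanges data with."""
        ext = set()
        for f in self.flows:
            if self.classify(f) in ("inbound", "outbound"):
                ext.update(s for s in (f.source, f.dest)
                           if s not in self.target_systems)
        return frozenset(ext)

    def findings(self) -> Dict[str, str]:
        """Flows whose context entry is incomplete, keyed by flow name.
        Internal flows are the target's own responsibility and need no
        explicit allocation; boundary-crossing flows do."""
        issues: Dict[str, str] = {}
        for f in self.flows:
            kind = self.classify(f)
            if kind == "external":
                issues[f.name] = "neither endpoint is inside the target boundary"
            elif kind in ("inbound", "outbound"):
                if not f.protection_needs:
                    issues[f.name] = "boundary-crossing flow has no protection needs"
                elif f.allocated_to is None:
                    issues[f.name] = "protection needs not allocated to any system"
                elif f.allocated_to not in (f.source, f.dest):
                    issues[f.name] = "allocated to a system that is not an endpoint"
        return issues


# Constructed sample context (illustrative names only).
SAMPLE_CONTEXT = SecurityContext(
    target_systems=frozenset({"app-server", "app-db"}),
    flows=[
        Flow("user-login", "browser", "app-server",
             frozenset({"confidentiality", "integrity"}), allocated_to="app-server"),
        Flow("app-to-db", "app-server", "app-db", frozenset({"integrity"})),
        Flow("audit-export", "app-server", "siem",
             frozenset({"integrity", "availability"})),        # needs not allocated
        Flow("partner-feed", "partner-api", "app-server"),      # no needs recorded
        Flow("partner-to-siem", "partner-api", "siem",
             frozenset({"integrity"}), allocated_to="siem"),   # outside the boundary
    ],
)

if __name__ == "__main__":
    ctx = SAMPLE_CONTEXT
    for flow in ctx.flows:
        print(f"{flow.name:16} {ctx.classify(flow)}")
    print("external interfaces:", sorted(ctx.external_interfaces()))
    for name, issue in ctx.findings().items():
        print(f"FINDING {name}: {issue}")
```

Run stand-alone, the script lists each flow's position relative to the boundary, the set of external interfaces that must appear in the context document, and three findings: the unallocated audit export, the partner feed with no protection needs, and the partner-to-SIEM flow that does not belong in this context at all.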
Define System Security Requirements
The system security requirements specify what security functions a system must perform, without specifying its design or implementation. The system security requirements must clarify and define security functional requirements and design constraints. The ISSEP works with SEs to define system security requirements, system security modes of operation, and system security performance measures. Together, the SE and ISSEP ensure that the requirements are understandable, unambiguous, comprehensive, and concise.
Any performance requirements and residual design constraints identified in the Information Management Plan are carried forward as part of the system security requirements document. Design constraints are not independent of implementation; they represent design decisions or partial system design. In the system security requirements document, design constraints should be identified separately from system interface requirements, which must also be documented, including any imposed by external systems. Design constraints define factors that limit design flexibility, such as environmental conditions or limits, defense against internal or external threats, and contract, customer, or regulatory standards.
Define the Preliminary System Security CONOPS
A preliminary security CONOPS describes, from the customer's perspective, what information management and information protection functions the system will need to perform to support the mission. The preliminary security CONOPS does not define step-by-step procedures; it defines how the mission/business needs interface with, or rely on, other systems and the products and services they deliver.
Because the customer is most familiar with the overall operations, the ISSEP should coordinate directly with the customer to develop the preliminary system security CONOPS. To begin, the ISSEP works with the customer to identify security operations, support, and management concepts and issues for the system under design and development. The security CONOPS is used by the SE in the system design/architecture phase as an aid for improving communications and understanding between the operational and engineering communities involved in the program.