Security Planning, Design, and Implementation
- Define security roles and responsibilities
- Understand stakeholders’ mission/business and operational environment
- Identify security-relevant constraints and assumptions
- Identify and assess threats to assets
- Determine protection needs
- Document stakeholder requirements
- Analyze stakeholder requirements
- Develop system security context
- Identify security functions within the security concept of operations
- Develop system security requirements baseline
- Analyze and define security constraints
- Analyze system security requirements for completeness, adequacy, conflicts, and inconsistencies
- Perform functional analysis and allocation
- Maintain mutual traceability between specified design and system requirements
- Define system security design components
- Perform trade-off studies for system components
- Assess information protection effectiveness
- Perform system security implementation and integration
- Perform system security deployment activities
- Perform system security verification
- Perform system security validation