SAMMY works best on screens 1024px wide or larger.
ASPICE Cybersecurity
Browse ASPICE Cybersecurity
SEC.2: Cybersecurity Implementation
SEC.2: 1) The architecture of the system, software, and hardware is refined.
  • BP1: Refine the details of the architecture. The architecture of the system, software, and hardware is refined based on cybersecurity requirements.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 2) Consistency and bidirectional traceability are established between cybersecurity requirements and system architecture, software architecture and components of hardware architecture; consistency and bidirectional traceability are established between cybersecurity requirements and software detailed design and hardware detailed design.
  • BP2 Ensure consistency and establish bidirectional traceability for cybersecurity requirements. Ensure consistency and establish bidirectional traceability between cybersecurity requirements and system architecture, software architecture and components of hardware architecture. Ensure consistency and establish bidirectional traceability between cybersecurity requirements and software detailed design and hardware detailed design.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 3) Appropriate cybersecurity controls are selected.
  • BP3: Select cybersecurity controls. Select appropriate cybersecurity controls to achieve or support the cybersecurity requirements including an explanation of how the related risk is mitigated.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 4) Weaknesses are analyzed.
  • BP4: Analyze architecture for weaknesses. Analyze the architecture of the system, software, and hardware, incl. interfaces and detailed design regarding weaknesses to identify vulnerabilities. Document the design decisions.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 5) Detailed design of software and hardware is refined.
  • BP5: Refine the detailed design. The detailed design is refined based on the architecture of the software and hardware.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 6) Consistency and bidirectional traceability are established between the software architecture and software detailed design; and consistency and bidirectional traceability are established between the components of hardware architecture and hardware detailed design.
  • BP6: Ensure consistency and establish bidirectional traceability for architecture and detailed design. Ensure consistency and establish bidirectional traceability between the software architecture and software detailed design. Ensure consistency and establish bidirectional traceability between the components of hardware architecture and hardware detailed design.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.

SEC.2: 7) The agreed cybersecurity implementation is communicated to all affected parties.
  • BP7: Communicate agreed results of cybersecurity implementation. Communicate the agreed results of the cybersecurity implementation to all affected parties.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to refine the design of the system, software and hardware, consistent with the cybersecurity requirements and to ensure they are implemented.