SAMMY works best on screens 1024px wide or larger.
ASPICE Cybersecurity
Browse ASPICE Cybersecurity
SEC.1: Cybersecurity Requirements Elicitation
SEC.1: 1) Cybersecurity goals are specified.
  • BP1: Specify cybersecurity goals and cybersecurity requirements. Specify cybersecurity goals for the threat scenarios according to the decisions regarding risk treatment to achieve risk reduction. Specify functional and non-functional cybersecurity requirements for the cybersecurity goals. Specify these according to defined characteristics for requirements.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to specify cybersecurity goals and requirements from the outcomes of cybersecurity risk management covering the threat scenarios.

SEC.1: 2) Cybersecurity requirements are derived from cybersecurity goals.

The purpose is to specify cybersecurity goals and requirements from the outcomes of cybersecurity risk management covering the threat scenarios.

N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to specify cybersecurity goals and requirements from the outcomes of cybersecurity risk management covering the threat scenarios.

SEC.1: 3) Consistency and bidirectional traceability are maintained between cybersecurity requirements and goals and between the cybersecurity goals and the threat scenarios.
  • BP3: Ensure consistency and establish bidirectional traceability. Ensure consistency and establish bidirectional traceability between the cybersecurity requirements and the cybersecurity goals. Ensure consistency and establish bidirectional traceability between the cybersecurity goals and the threat scenarios.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to specify cybersecurity goals and requirements from the outcomes of cybersecurity risk management covering the threat scenarios.

SEC.1: 4) The cybersecurity requirements are agreed and communicated to all affected parties.
  • BP4: Communicate agreed cybersecurity requirements. Communicate agreed cybersecurity requirements to all affected parties.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to specify cybersecurity goals and requirements from the outcomes of cybersecurity risk management covering the threat scenarios.