SEC.4: 1) Risk treatment validation measures are specified based on the cybersecurity goals.
  • BP1: Specify risk treatment validation measures. Specify the risk treatment validation measures to provide evidence for achievement of the associated cybersecurity goals.
Description

The purpose is to confirm that the integrated system achieves the associated cybersecurity goals.

SEC.4: 2) Validation measures are selected according to defined criteria, including criteria for regression validation.
  • BP2: Select validation measures. Document the selection of validation measures according to defined criteria including criteria for regression validation. The documented selection of validation measures shall have sufficient coverage of the cybersecurity goals.

SEC.4: 3) The integrated system is validated using the specified validation measures, and the results of the validation are recorded.
  • BP3: Perform risk treatment validation activities. Validate the integrated system using the selected risk treatment validation measures. Record the validation results and corresponding validation measure data.

SEC.4: 4) Consistency and bidirectional traceability are established between the validation measures and the cybersecurity goals; and bidirectional traceability is established between validation results and validation measures.
  • BP4: Ensure consistency and establish bidirectional traceability. Ensure consistency and establish bidirectional traceability between risk treatment validation measures and cybersecurity goals. Establish bidirectional traceability between validation results and validation measures.

SEC.4: 5) The results of the risk treatment validation are summarized and communicated to all affected parties.
  • BP5: Summarize and communicate results. Summarize the risk treatment validation results and communicate them to all affected parties.