SAMMY works best on screens 1024px wide or larger.
ASPICE Cybersecurity
Browse ASPICE Cybersecurity
SEC.3: Risk Treatment Verification
SEC.3: 1) Risk treatment verification measures are developed.
  • BP1: Specify risk treatment verification measures. Specify risk treatment verification measures suitable to provide evidence of compliance of the implementation with the cybersecurity requirements and the refined architectural design and detailed design.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to confirm that the implementation of the design and integration of the components comply with the cybersecurity requirements, the refined architectural design and detailed design.

SEC.3: 2) Verification measures are selected according to the release scope.
  • BP2: Select verification measures. Document the selection of verification measures considering selection criteria including criteria for regression verification. The documented selection of verification measures shall have sufficient coverage according to the release scope.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to confirm that the implementation of the design and integration of the components comply with the cybersecurity requirements, the refined architectural design and detailed design.

SEC.3: 3) The implementation of the design and the integration of the components is verified. Verification results are recorded
  • BP3: Perform risk treatment verification activities. Verify the implementation of the design and component integration using the selected risk treatment verification measures. Record the risk treatment verification results including pass/fail status and corresponding verification measure data.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to confirm that the implementation of the design and integration of the components comply with the cybersecurity requirements, the refined architectural design and detailed design.

SEC.3: 4) Consistency and bidirectional traceability are established between the risk treatment verification measures and the cybersecurity requirements, as well as between the risk treatment verification measures and the refined architectural design, detailed design and software units. Bidirectional traceability is established between the verification results and the risk treatment verification measures.
  • BP4: Ensure consistency and establish bidirectional traceability. Ensure consistency and establish bidirectional traceability between the risk treatment verification measures and the cybersecurity requirements. Ensure consistency and establish bidirectional traceability between the risk treatment verification measures and the refined architectural design, detailed design and software units. Establish bidirectional traceability between the verification results and risk treatment verification measures.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to confirm that the implementation of the design and integration of the components comply with the cybersecurity requirements, the refined architectural design and detailed design.

SEC.3: 5) The results of the risk treatment verification are summarized and communicated to all affected parties.
  • BP5: Summarize and communicate results. Summarize the risk treatment verification results and communicate them to all affected parties.
N: Not achieved - Not achieved: 0 to ≤ 15% achievement.
P-: Partially achieved - - Partially achieved -: >15% to ≤ 32.5% achievement.
P+: Partially achieved + - Partially achieved +: >32.5% to ≤ 50% achievement.
L-: Largely achieved - - Largely achieved -: >50% to ≤ 67.5% achievement.
L+: Largely achieved + - Largely achieved +: >67.5% to ≤ 85% achievement.
F: Fully achieved - Fully achieved: >85% to ≤ 100% achievement.
Description

The purpose is to confirm that the implementation of the design and integration of the components comply with the cybersecurity requirements, the refined architectural design and detailed design.