1 MRS-001

The C5-DEC software SHALL integrate at least one open-source tool allowing users to create diagrams from a plain text language, e.g., PlantUML, Mermaid.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Efficiency and programmable diagram generation
importance 5
urgency 4
risk 1
difficulty N/A

2 MRS-002

The C5-DEC software SHALL store textual requirements, test case definitions and design diagrams alongside source code in the same repository.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale To facilitate interlinking of assets
importance 5
urgency 5
risk 1
difficulty N/A

3 MRS-003

The C5-DEC software SHALL store system artifact specifications (e.g., requirements, test cases, design diagrams), created using its own suite of tools, in an open file format.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

4 MRS-004

The C5-DEC software SHALL identify all its stored artifacts using a unique identifier.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale To ensure traceability
importance 5
urgency 5
risk 1
difficulty N/A

5 MRS-005

The C5-DEC software SHALL integrate an open-source solution for requirements engineering and requirements management.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

6 MRS-006

The C5-DEC software SHALL provide a feature for linking system artifacts with one another based on the artifacts’ respective IDs.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale To facilitate interlinking
importance 5
urgency 5
risk 1
difficulty N/A

7 MRS-007

The C5-DEC software SHALL use a distributed version control system for the storage of its artifacts to track changes in its files/artifacts.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

8 MRS-008

The C5-DEC software SHOULD use the git version control software.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Maturity, features, widely available tool support and documentation
importance 5
urgency 5
risk 1
difficulty N/A

9 MRS-009

The C5-DEC software SHALL provide a requirements management functionality that can create requirement hierarchies.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

10 MRS-010

The C5-DEC software SHALL provide requirements traceability.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

11 MRS-011

The C5-DEC software SHALL provide a V&V feature for creating test cases/procedures and generating test reports.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

12 MRS-012

The C5-DEC software MAY integrate an open-source testing framework/solution.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

13 MRS-013

The C5-DEC software SHOULD allow the user to add/attach labels or tags to its artifacts, e.g., TC, REQ, DIA, etc.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

14 MRS-014

The C5-DEC software SHALL provide a project management feature for converting time reports generated by OpenProject to a tabular format defined by the user.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 4
risk 1
difficulty N/A

15 MRS-015

The C5-DEC software SHALL provide a PM feature for consolidating and merging individual time reports/sheets into a single time report.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 4
risk 1
difficulty N/A

16 MRS-016

The C5-DEC software SHALL provide an ISMS feature for verifying the presence of the content of a folder in a document list tracking the said content.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 2
urgency 2
risk 1
difficulty N/A

17 MRS-017

The C5-DEC software SHALL provide import and export functions that can import and export all its artifacts from and to at least one open file format, e.g., CSV, JSON, Markdown, etc.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

18 MRS-018

The C5-DEC software SHALL provide a collaboration feature or an option for integrating with an existing platform that allows the users of the C5-DEC software to access and share artifacts managed by the C5-DEC software.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

19 MRS-019

The C5-DEC software SHALL provide user management, including user creation, editing and deletion.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

20 MRS-020

The C5-DEC software SHALL provide user authentication.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

21 MRS-021

The C5-DEC software SHALL provide user authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

22 MRS-022

The C5-DEC software SHALL provide access control that can provide at least two types of asset access restriction: admin and standard user.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

23 MRS-023

The C5-DEC software SHALL provide web-based sharing of assets.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

24 MRS-024

The C5-DEC software SHOULD provide a feature for performing cryptographic secret sharing, based on Shamir's secret sharing algorithm.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 2
risk 1
difficulty N/A

25 MRS-025

The C5-DEC software SHOULD provide a feature for computing a hash function, using SHA256, over a given file to verify the integrity of this file by comparing the resulting hash digest value with a reference value.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 3
risk 1
difficulty N/A

26 MRS-026

The C5-DEC software SHALL implement the modules specified in the project constraints and assumptions and the system overview, with the baseline features specified in the project constraints description.

Child links: ARC002 C5-DEC CAD functional tree, ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Project constraints and assumptions, system overview
importance 5
urgency 3
risk 1
difficulty N/A

27 MRS-027

The C5-DEC software SHALL provide a feature for linking requirements and test cases to specific lines or definitions (e.g., function, class) in source code by using annotations that encode the corresponding requirement or test case ID.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 1
urgency 1
risk 1
difficulty N/A

28 MRS-028

The C5-DEC software SHOULD allow the user to search and filter requirements using full-text search and all requirement attributes.

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale Ease of use and efficiency
importance 5
urgency 1
risk 1
difficulty N/A

29 MRS-029

The C5-DEC software SHOULD allow the user to search and filter artifacts using labels or tags.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale Ease of use and efficiency
importance 5
urgency 3
risk 1
difficulty N/A

30 MRS-030

The C5-DEC software SHALL include a feature in its Common Criteria Toolbox (CC) that can store SFRs/SARs in the same open file format used for storing all other artifacts.

Child links: SRS-001 Access and Browse Database for CC Security Components, SRS-027 Unified Storage Mechanism for CC Artifacts and Security Elements, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

31 MRS-031

The C5-DEC software MAY integrate an open-source threat modelling solution.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

32 MRS-032

The C5-DEC software SHALL provide a Common Criteria Toolbox (CCT) implementation satisfying the requirements stated in the C5-DEC CCM.

Child links: SRS-014 Access and Navigation Through Knowledge Base, SRS-015 Comprehensive and User-Friendly Explanations, SRS-016 Interconnected Framework and Seamless Navigation, SRS-017 Availability of Pragmatic Guidance and Best Practices, SRS-018 Continuous Updates and Assurance of Current Information, SRS-019 Integration of Multimedia Elements in Knowledge Articles, SRS-020 Integrating Links to FAQ Section, SRS-021 Provision of General Link to a CC-Specific Forum, SRS-022 Data Storage and Format Mapping, SRS-023 Bidirectional Transformation and Consistency, SRS-028 Automated Rationale and Traceability Matrix Generation, SRS-029 Verification of Rationales and Traceability Matrices, SRS-030 Detailed Consistency and Completeness Checks, SRS-004 Tailor Security Requirements., SRS-040 Flagging and Addressing Failed Work Units with Cascading Flags, SRS-031 Automated Validation of Relationships, Attributes, and Dependencies, SRS-032 Seamless Aggregation and Presentation of SARs and Work Units, SRS-033 API Provision for Threat Importation, SRS-034 Transformation of Imported Threats to CC-conformant Format, SRS-035 Automated Evaluation Checklist Creation, SRS-036 Evaluation Progress Tracking, SRS-037 Work Unit Artifact Linking, SRS-038 Automated OR Generation, SRS-039 Automated ETR Generation, SRS-041 Logging evaluated Work Units, SRS-042 Extend Data Model Across Entire CC Ecosystem, SRS-043 Provide CC Document Templates, SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

33 MRS-033

The C5-DEC software SHOULD either provide a threat modelling and analysis tool as part of the CPSSA module, based on the TM method described in the C5-DEC SSDLC and the C5-DEC CPSSA reports/guides, or alternatively use data formats that do not prevent the use of already existing open-source solutions mentioned in the CPSSA report.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

34 MRS-034

The C5-DEC software SHOULD provide a feature for extracting user-specified design assets (specified in design artifacts such as diagrams or a plain-text markup language) and exporting these to an open file format.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 2
risk 1
difficulty N/A

35 MRS-035

The C5-DEC software SHOULD either provide a risk management tool supporting the features described in the C5-DEC CCM or integrate an existing open-source solution.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

36 MRS-036

The CC toolbox SHOULD store all Security Functional Classes, Security Assurance Classes, Evaluation Activities, and Packages in a structured, human- and machine-readable format in the C5-DEC document-based data store.

Child links: SRS-001 Access and Browse Database for CC Security Components, SRS-027 Unified Storage Mechanism for CC Artifacts and Security Elements, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale See Mission Analysis; risk related to availability
importance 3
urgency 2
risk 3
difficulty 3

37 MRS-037

The CC toolbox SHOULD adopt a storage format that maintains a mapping to the available CC XML file and that can be validated against the corresponding DTD file, either directly via a 1-to-1 mapping between the CCT DB of CC and the official CC XML or through a reference file providing the mapping.

Child links: SRS-022 Data Storage and Format Mapping

Attribute Value
type F
vm T
rationale See Mission Analysis; risk related to change in XML DTD
importance 4
urgency 1
risk 3
difficulty N/A

38 MRS-038

The CC toolbox SHOULD be able to automatically transform content from and to the CC-defined XML format, relative to the C5-DEC custom data storage format.

Child links: SRS-023 Bidirectional Transformation and Consistency

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 3
difficulty N/A

39 MRS-039

The CC toolbox SHALL maintain a Common Criteria Knowledge Base consisting of explanatory definitions and user guidance for CC Terms and Definitions, Concepts, and Core Constructs.

Child links: SRS-014 Access and Navigation Through Knowledge Base, SRS-015 Comprehensive and User-Friendly Explanations, SRS-016 Interconnected Framework and Seamless Navigation, SRS-017 Availability of Pragmatic Guidance and Best Practices, SRS-018 Continuous Updates and Assurance of Current Information

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

40 MRS-040

The CC toolbox MAY include a CC forum and FAQ, complementing its Knowledge Base.

Child links: SRS-020 Integrating Links to FAQ Section, SRS-021 Provision of General Link to a CC-Specific Forum

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 2
urgency 2
risk 1
difficulty N/A

41 MRS-041

The CC toolbox SHOULD provide a database of generic threats, risks, and countermeasures.

Child links: SRS-024 Threats, Risks, and Countermeasures Database, SRS-033 API Provision for Threat Importation, SRS-034 Transformation of Imported Threats to CC-conformant Format

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 2
risk 1
difficulty N/A

42 MRS-042

The CC toolbox DB of threats, risks and countermeasures MAY include content from the BSI Grundschutz, ISO 27005, NIST SPs and the CC.

Child links: SRS-024 Threats, Risks, and Countermeasures Database

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 2
risk 1
difficulty N/A

43 MRS-043

The CC toolbox SHOULD provide means of automation for the generation of ORs and ETRs used during and as a result of CC CEM-based security evaluation.

Child links: SRS-040 Flagging and Addressing Failed Work Units with Cascading Flags, SRS-035 Automated Evaluation Checklist Creation, SRS-036 Evaluation Progress Tracking, SRS-037 Work Unit Artifact Linking, SRS-038 Automated OR Generation, SRS-039 Automated ETR Generation, SRS-041 Logging evaluated Work Units

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

44 MRS-044

Based on the C5-DEC CPSSA report of the C5-DEC knowledge base, the CC toolbox SHOULD provide a support mechanism for generating additional evaluation evidence required by the EUCC and provide guides for tailoring existing evaluation evidence to be conformant with EUCC requirements.

Child links: SRS-025 Support Mechanism for EUCC Additional Evaluation Evidence

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

45 MRS-045

The CC toolbox SHOULD store the generic Security Objectives defined by Article 51 of the CSA.

Child links: SRS-026 Storing Generic Security Objectives of CSA Article 51

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

46 MRS-046

The C5-DEC software MAY provide a feature for cryptographically signing individual files and verifying digital signatures using GPG to verify the authenticity of a file, with an additional option to sign using a digital signature algorithm either from NIST PQC 2022 selected algorithms or the ENISA post-quantum cryptography integration study October 2022.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

47 MRS-047

The C5-DEC software MAY provide a feature for public-key encryption using a PQC algorithm, selected either from the NIST PQC 2022 selected algorithms or the ENISA post-quantum cryptography integration study October 2022.

Attribute Value
type F
vm T
rationale See Mission Analysis.
importance 3
urgency 2
risk 4
difficulty N/A

48 MRS-048

The C5-DEC knowledge base SHALL include a dedicated Software Development Plan Model (SDPM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

49 MRS-049

The C5-DEC knowledge base SHALL include a Verification & Validation Plan Model (VVPM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

50 MRS-050

The C5-DEC knowledge base SHALL include a Software Project Management Model (SPMM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

51 MRS-051

The C5-DEC knowledge base SHALL include a secure SDLC (SSDLC) publication addressing secure software/system development.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

52 MRS-052

The CPSSA component of the C5-DEC knowledge base SHALL include a Common Criteria model (CCM) describing how the C5-DEC software approaches tool support for CC.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

53 MRS-053

The C5-DEC knowledge base SHALL include a CC-inspired Threat Modelling Model (CC-TMM).

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-003 Export Security Components, SRS-004 Tailor Security Requirements., SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

54 MRS-054

The CPSSA report of the C5-DEC knowledge base SHALL include a system/product-oriented (Cyber)Security Risk Management method and a Security Risk Assessment (SRA) Model.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

55 MRS-055

The CCM SHALL define CC-related activities complementing the C5-DEC SSDLC.

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-003 Export Security Components, SRS-004 Tailor Security Requirements., SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

56 MRS-056

The C5-DEC software SHALL use a persistent NoSQL, document-oriented data store for storing all artifacts created or imported using the C5-DEC software.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm T
rationale Portability, interoperability, easy & effective integration in version control
importance 5
urgency 5
risk 1
difficulty N/A

57 MRS-057

The C5-DEC software SHALL make use of a web-based software development platform (e.g., GitLab, GitHub) to enforce user management, access control, authentication, and authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm R
rationale To build on existing well-established solutions and cut unneeded effort
importance 5
urgency 5
risk 1
difficulty N/A

58 MRS-058

The C5-DEC software SHOULD follow a modular design.

docs/specs/arc/assets/cad_context_diagram.png docs/specs/arc/assets/functional_tree.png docs/specs/arc/assets/subsystems.png docs/specs/arc/assets/system_architecture.png docs/specs/swd/assets/packages.png docs/specs/swd/assets/classes.png docs/specs/swd/assets/cct_class_diagram.png

Child links: ARC001 C5-DEC CAD context diagram, ARC002 C5-DEC CAD functional tree, ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

59 MRS-059

The C5-DEC software SHALL enforce user management, access control, authentication, and authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type S
vm R
rationale See Mission Analysis.
importance 5
urgency 4
risk 1
difficulty N/A

60 MRS-060

The C5-DEC software SHOULD store assets selected for security risk assessment in a format that can be imported by the TRICK Service risk management web application.

Attribute Value
type I
vm T
rationale See Mission Analysis.
importance 3
urgency 2
risk 1
difficulty N/A