1 Diagram generation tool MRS-001

The C5-DEC software SHALL integrate at least one open-source tool allowing users to create diagrams from a plain text language, e.g., PlantUML, Mermaid.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Efficiency and programmable diagram generation
importance 5
urgency 4
risk 1
difficulty N/A

2 Unified repository storage MRS-002

The C5-DEC software SHALL store textual requirements, test case definitions and design diagrams alongside source code in the same repository.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale To facilitate interlinking of assets
importance 5
urgency 5
risk 1
difficulty N/A

3 Open file format MRS-003

The C5-DEC software SHALL store system artifact specifications (e.g., requirements, test cases, design diagrams), created using its own suite of tools, in an open file format.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

4 Unique artifact IDs MRS-004

The C5-DEC software SHALL identify all its stored artifacts using a unique identifier.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale To ensure traceability
importance 5
urgency 5
risk 1
difficulty N/A

5 Requirements management tool MRS-005

The C5-DEC software SHALL integrate an open-source solution for requirements engineering and requirements management.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

6 Artifact linking feature MRS-006

The C5-DEC software SHALL provide a feature for linking system artifacts with one another based on the artifacts’ respective IDs.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale To facilitate interlinking
importance 5
urgency 5
risk 1
difficulty N/A

7 Version control system MRS-007

The C5-DEC software SHALL use a distributed version control system for the storage of its artifacts to track changes in its files/artifacts.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

8 Use Git software MRS-008

The C5-DEC software SHOULD use the git version control software.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Maturity, features, widely available tool support and documentation
importance 5
urgency 5
risk 1
difficulty N/A

9 Requirement hierarchies MRS-009

The C5-DEC software SHALL provide a requirements management functionality that can create requirement hierarchies.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

10 Requirements traceability MRS-010

The C5-DEC software SHALL provide requirements traceability.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

11 V&V test features MRS-011

The C5-DEC software SHALL provide a V&V feature for creating test cases/procedures and generating test reports.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

12 Testing framework integration MRS-012

The C5-DEC software MAY integrate an open-source testing framework/solution.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

13 Artifact tagging MRS-013

The C5-DEC software SHOULD allow the user to add/attach labels or tags to its artifacts, e.g., TC, REQ, DIA, etc.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

14 Project management feature MRS-014

The C5-DEC software SHALL provide a project management feature for converting time reports generated by OpenProject to a tabular format defined by the user.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 4
risk 1
difficulty N/A

15 Time report consolidation MRS-015

The C5-DEC software SHALL provide a PM feature for consolidating and merging individual time reports/sheets into a single time report.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 4
risk 1
difficulty N/A

16 ISMS folder verification MRS-016

The C5-DEC software SHALL provide an ISMS feature for verifying the presence of the content of a folder in a document list tracking the said content.

Child links: ARC002 C5-DEC CAD functional tree

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 2
urgency 2
risk 1
difficulty N/A

17 Import/export artifacts MRS-017

The C5-DEC software SHALL provide import and export functions that can import and export all its artifacts from and to at least one open file format, e.g., CSV, JSON, Markdown, etc.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

18 Collaboration feature MRS-018

The C5-DEC software SHALL provide a collaboration feature or an option for integrating with an existing platform that allows the users of the C5-DEC software to access and share artifacts managed by the C5-DEC software.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

19 User management MRS-019

The C5-DEC software SHALL provide user management, including user creation, editing and deletion.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

20 User authentication MRS-020

The C5-DEC software SHALL provide user authentication.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

21 User authorization MRS-021

The C5-DEC software SHALL provide user authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

22 Access control levels MRS-022

The C5-DEC software SHALL provide access control that can provide at least two types of asset access restriction: admin and standard user.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

23 Web-based asset sharing MRS-023

The C5-DEC software SHALL provide web-based sharing of assets.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

24 Secret sharing feature MRS-024

The C5-DEC software SHOULD provide a feature for performing cryptographic secret sharing, based on Shamir's secret sharing algorithm.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 2
risk 1
difficulty N/A

25 File integrity check MRS-025

The C5-DEC software SHOULD provide a feature for computing a hash function, using SHA256, over a given file to verify the integrity of this file by comparing the resulting hash digest value with a reference value.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 3
risk 1
difficulty N/A

26 Baseline module implementation MRS-026

The C5-DEC software SHALL implement the modules specified in the project constraints and assumptions and the system overview, with the baseline features specified in the project constraints description.

Child links: ARC002 C5-DEC CAD functional tree, ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale Project constraints and assumptions, system overview
importance 5
urgency 3
risk 1
difficulty N/A

27 Link requirements to code MRS-027

The C5-DEC software SHALL provide a feature for linking requirements and test cases to specific lines or definitions (e.g., function, class) in source code by using annotations that encode the corresponding requirement or test case ID.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 1
urgency 1
risk 1
difficulty N/A

28 Search and filter MRS-028

The C5-DEC software SHOULD allow the user to search and filter requirements using full-text search and all requirement attributes.

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale Ease of use and efficiency
importance 5
urgency 1
risk 1
difficulty N/A

29 Filter by tags MRS-029

The C5-DEC software SHOULD allow the user to search and filter artifacts using labels or tags.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale Ease of use and efficiency
importance 5
urgency 3
risk 1
difficulty N/A

30 Store SFRs/SARs MRS-030

The C5-DEC software SHALL include a feature in its Common Criteria Toolbox (CC) that can store SFRs/SARs in the same open file format used for storing all other artifacts.

Child links: SRS-001 Access and Browse Database for CC Security Components, SRS-027 Unified Storage Mechanism for CC Artifacts and Security Elements, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 3
risk 1
difficulty N/A

31 Threat modelling solution MRS-031

The C5-DEC software MAY integrate an open-source threat modelling solution.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

32 Provide CCT implementation MRS-032

The C5-DEC software SHALL provide a Common Criteria Toolbox (CCT) implementation satisfying the requirements stated in the C5-DEC CCM.

Child links: SRS-014 Access and Navigation Through Knowledge Base, SRS-015 Comprehensive and User-Friendly Explanations, SRS-016 Interconnected Framework and Seamless Navigation, SRS-017 Availability of Pragmatic Guidance and Best Practices, SRS-018 Continuous Updates and Assurance of Current Information, SRS-019 Integration of Multimedia Elements in Knowledge Articles, SRS-020 Integrating Links to FAQ Section, SRS-021 Provision of General Link to a CC-Specific Forum, SRS-022 Data Storage and Format Mapping, SRS-023 Bidirectional Transformation and Consistency, SRS-028 Automated Rationale and Traceability Matrix Generation, SRS-029 Verification of Rationales and Traceability Matrices, SRS-030 Detailed Consistency and Completeness Checks, SRS-004 Tailor Security Requirements., SRS-040 Flagging and Addressing Failed Work Units with Cascading Flags, SRS-031 Automated Validation of Relationships, Attributes, and Dependencies, SRS-032 Seamless Aggregation and Presentation of SARs and Work Units, SRS-033 API Provision for Threat Importation, SRS-034 Transformation of Imported Threats to CC-conformant Format, SRS-035 Automated Evaluation Checklist Creation, SRS-036 Evaluation Progress Tracking, SRS-037 Work Unit Artifact Linking, SRS-038 Automated OR Generation, SRS-039 Automated ETR Generation, SRS-041 Logging evaluated Work Units, SRS-042 Extend Data Model Across Entire CC Ecosystem, SRS-043 Provide CC Document Templates, SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

33 Threat modelling tool MRS-033

The C5-DEC software SHOULD either provide a threat modelling and analysis tool as part of the CPSSA module, based on the TM method described in the C5-DEC SSDLC and the C5-DEC CPSSA reports/guides, or alternatively use data formats that do not prevent the use of already existing open-source solutions mentioned in the CPSSA report.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

34 Export design assets MRS-034

The C5-DEC software SHOULD provide a feature for extracting user-specified design assets (specified in design artifacts such as diagrams or a plain-text markup language) and exporting these to an open file format.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 5
urgency 2
risk 1
difficulty N/A

35 Risk management tool MRS-035

The C5-DEC software SHOULD either provide a risk management tool supporting the features described in the C5-DEC CCM or integrate an existing open-source solution.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

36 Store CC classes MRS-036

The CC toolbox SHOULD store all Security Functional Classes, Security Assurance Classes, Evaluation Activities, and Packages in a structured human- and machine-readable format in the C5-DEC document-based data store.

Child links: SRS-001 Access and Browse Database for CC Security Components, SRS-027 Unified Storage Mechanism for CC Artifacts and Security Elements, SRS-002 Query the Database of Security Components.

Attribute Value
type F
vm T
rationale See Mission Analysis; risk related to availability
importance 3
urgency 2
risk 3
difficulty 3

37 Adopt CC storage format MRS-037

The CC toolbox SHOULD adopt a storage format that maintains a mapping to the available CC XML file and that can be validated against the corresponding DTD file, either directly via a 1-to-1 mapping between CCT DB of CC and the official CC XML or through a reference file providing the mapping.

Child links: SRS-022 Data Storage and Format Mapping

Attribute Value
type F
vm T
rationale See Mission Analysis; risk related to change in XML DTD
importance 4
urgency 1
risk 3
difficulty N/A

38 Transform CC content MRS-038

The CC toolbox SHOULD be able to automatically transform content from and to the CC defined XML format, relative to the C5-DEC custom data storage format.

Child links: SRS-023 Bidirectional Transformation and Consistency

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 3
difficulty N/A

39 Maintain CC knowledge base MRS-039

The CC toolbox SHALL maintain a Common Criteria Knowledge Base consisting of explanatory definitions and user guidance for CC Terms and Definitions, Concepts, and Core Constructs.

Child links: SRS-014 Access and Navigation Through Knowledge Base, SRS-015 Comprehensive and User-Friendly Explanations, SRS-016 Interconnected Framework and Seamless Navigation, SRS-017 Availability of Pragmatic Guidance and Best Practices, SRS-018 Continuous Updates and Assurance of Current Information

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

40 CC forum and FAQ MRS-040

The CC toolbox MAY include a CC forum and FAQ, complementing its Knowledge Base.

Child links: SRS-020 Integrating Links to FAQ Section, SRS-021 Provision of General Link to a CC-Specific Forum

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 2
urgency 2
risk 1
difficulty N/A

41 Threats and risks DB MRS-041

The CC toolbox SHOULD provide a database of generic threats, risks, and countermeasures.

Child links: SRS-024 Threats, Risks, and Countermeasures Database, SRS-033 API Provision for Threat Importation, SRS-034 Transformation of Imported Threats to CC-conformant Format

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 2
risk 1
difficulty N/A

42 Threat DB sources MRS-042

The CC toolbox DB of threats, risks and countermeasures MAY include content from the BSI Grundschutz, ISO 27005, NIST SPs and the CC.

Child links: SRS-024 Threats, Risks, and Countermeasures Database

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 2
risk 1
difficulty N/A

43 Automate OR/ETR generation MRS-043

The CC toolbox SHOULD provide means of automation for the generation of ORs and ETRs used during and as a result of CC CEM-based security evaluation.

Child links: SRS-040 Flagging and Addressing Failed Work Units with Cascading Flags, SRS-035 Automated Evaluation Checklist Creation, SRS-036 Evaluation Progress Tracking, SRS-037 Work Unit Artifact Linking, SRS-038 Automated OR Generation, SRS-039 Automated ETR Generation, SRS-041 Logging evaluated Work Units

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

44 EUCC evaluation support MRS-044

Based on the C5-DEC CPSSA report of the C5-DEC knowledge base, the CC toolbox SHOULD provide a support mechanism for generating additional evaluation evidence required by the EUCC and provide guides for tailoring existing evaluation evidence to be conformant with EUCC requirements.

Child links: SRS-025 Support Mechanism for EUCC Additional Evaluation Evidence

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

45 Store CSA objectives MRS-045

The CC toolbox SHOULD store the generic Security Objectives defined by Article 51 of the CSA.

Child links: SRS-026 Storing Generic Security Objectives of CSA Article 51

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 3
urgency 1
risk 1
difficulty N/A

46 File signing feature MRS-046

The C5-DEC software MAY provide a feature for cryptographically signing individual files and verifying digital signatures using GPG to verify the authenticity of a file, with an additional option to sign using a digital signature algorithm either from NIST PQC 2022 selected algorithms or the ENISA post-quantum cryptography integration study October 2022.

Attribute Value
type F
vm T
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

47 PQC encryption feature MRS-047

The C5-DEC software MAY provide a feature for public-key encryption using a PQC algorithm, selected either from the NIST PQC 2022 selected algorithms or the ENISA post-quantum cryptography integration study October 2022.

Attribute Value
type F
vm T
rationale See Mission Analysis.
importance 3
urgency 2
risk 4
difficulty N/A

48 Include SDPM model MRS-048

The C5-DEC knowledge base SHALL include a dedicated Software Development Plan Model (SDPM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

49 Include VVPM model MRS-049

The C5-DEC knowledge base SHALL include a Verification & Validation Plan Model (VVPM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

50 Include SPMM model MRS-050

The C5-DEC knowledge base SHALL include a Software Project Management Model (SPMM).

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

51 Include SSDLC publication MRS-051

The C5-DEC knowledge base SHALL include a secure SDLC (SSDLC) publication addressing secure software/system development.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 5
risk 1
difficulty N/A

52 Include CC model MRS-052

The CPSSA component of the C5-DEC knowledge base SHALL include a Common Criteria model (CCM) describing how the C5-DEC software approaches tool support for CC.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

53 Include CC-TMM MRS-053

The C5-DEC knowledge base SHALL include a CC-inspired Threat Modelling Model (CC-TMM).

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-003 Export Security Components, SRS-004 Tailor Security Requirements., SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

54 Include SRA model MRS-054

The CPSSA report of the C5-DEC knowledge base SHALL include a system/product-oriented (Cyber)Security Risk Management method and a Security Risk Assessment (SRA) Model.

Child links: ARC003 C5-DEC CAD subsystems architecture

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

55 Define CC activities MRS-055

The CCM SHALL define CC-related activities complementing the C5-DEC SSDLC.

Child links: ARC003 C5-DEC CAD subsystems architecture, SRS-003 Export Security Components, SRS-004 Tailor Security Requirements., SRS-044 Validate Hierarchies and Dependencies in Security Components, SRS-045 Generate Impact Analysis Reports for Certification Maintenance.

Attribute Value
type C
vm R
rationale See Mission Analysis
importance 4
urgency 3
risk 1
difficulty N/A

56 Use NoSQL datastore MRS-056

The C5-DEC software SHALL use a persistent NoSQL, document-oriented data store for storing all artifacts created or imported using the C5-DEC software.

Child links: ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm T
rationale Portability, interoperability, easy & effective integration in version control
importance 5
urgency 5
risk 1
difficulty N/A

57 Use web dev platform MRS-057

The C5-DEC software SHALL make use of a web-based software development platform (e.g., GitLab, GitHub) to enforce user management, access control, authentication, and authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm R
rationale To build on existing well-established solutions and cut unneeded effort
importance 5
urgency 5
risk 1
difficulty N/A

58 Follow modular design MRS-058

The C5-DEC software SHOULD follow a modular design.

docs/specs/arc/assets/cad_context_diagram.drawio.png docs/specs/arc/assets/functional_tree.png docs/specs/arc/assets/subsystems.png docs/specs/arc/assets/system_architecture.png docs/specs/swd/assets/packages.png docs/specs/swd/assets/classes.png docs/specs/swd/assets/cct_class_diagram.png

Child links: ARC001 C5-DEC CAD context diagram, ARC002 C5-DEC CAD functional tree, ARC003 C5-DEC CAD subsystems architecture, ARC004 C5-DEC CAD system architecture

Attribute Value
type A
vm R
rationale See Mission Analysis
importance 5
urgency 4
risk 1
difficulty N/A

59 Enforce user management MRS-059

The C5-DEC software SHALL enforce user management, access control, authentication, and authorization.

Child links: ARC004 C5-DEC CAD system architecture

Attribute Value
type S
vm R
rationale See Mission Analysis.
importance 5
urgency 4
risk 1
difficulty N/A

60 Store assets for TRICK MRS-060

The C5-DEC software SHOULD store assets selected for security risk assessment in a format that can be imported by the TRICK Service risk management web application.

Attribute Value
type I
vm T
rationale See Mission Analysis.
importance 3
urgency 2
risk 1
difficulty N/A