Top

Published in:

2023 | OriginalPaper | Chapter

Patterns for Integrating NIST 800-53 Controls into Security Assurance Cases

Authors : Torin Viger, Simon Diemert, Olivia Foster

Published in: Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

It is sure that critical systems are appropriately secure and protected against malicious threats. In this paper, we present a novel pattern for Security Assurance Cases that integrates security controls from the NIST-800-53 cyber security standard into a comprehensive argument about system security. Our framework uses Eliminative Argumentation to increase confidence that these controls have been applied correctly by explicitly considering and addressing doubts in the argument.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter RACK: A Semantic Model and Triplestore for Curation of Assurance Case Evidence

next chapter Analyzing Origins of Safety and Security Interactions Using Feared Events Trees and Multi-level Model

ISO 26262 - Road vehicles—Functional safety. Standard, International Organization for Standardization, Switzerland (2018)

NIST 800-53 - Security and Privacy Controls for Information Systems and Organizations. Special Publication SP 800-53, National Institute of Standards and Technology (2020)

ISO 21434 - Road vehicles - Cybersecurity engineering. Standard, International Organization for Standardization (2021)

Socrates - Assurance Case Editor (2023). https://safetycasepro.com

Bloomfield, R., Bishop, P., Jones, C., Froome, P.: ASCAD – Adelard safety case development manual. Technical report, Adelard (1998)

Burton, S., Gauerhof, L., Heinzemann, C.: Making the case for safety of machine learning in highly automated driving. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 5–16. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_1CrossRef

Diemert, S., Joyce, J.: Eliminative argumentation for arguing system safety - a practitioner’s experience. In: 2020 IEEE International Systems Conference (SysCon), pp. 1–7 (2020). iSSN 2472-9647

Diemert, S., Goodenough, J., Joyce, J., Weinstock, C.: Incremental assurance through eliminative argumentation. J. Syst. Saf. 58(1), 7–15 (2023)CrossRef

Goodenough, J.B., Weinstock, C.B., Klein, A.Z.: Eliminative argumentation: a basis for arguing confidence in system properties. Technical report, Carnegie Mellon University-Software Engineering Institute Pittsburgh United (2015)

10.

ACW Group: Assurance Case Guidance - Challenges, Common Issues and Good Practice (Version 1.1). Technical report, Safety Critical Systems Club (2021)

11.

ACW Group: Goal Structuring Notation Community Standard (Version 3). Technical report, Safety Critical Systems Club (2021)

12.

Holloway, C.M.: The Friendly Argument Notation (FAN). Technical report (2020). https://ntrs.nasa.gov/citations/20205002931, nTRS Author Affiliations: Langley Research Center NTRS Document ID: 20205002931 NTRS Research Center: Langley Research Center (LaRC)

13.

Jahan, S., et al.: MAPE-K/MAPE-SAC: an interaction framework for adaptive systems with security assurance cases. Futur. Gener. Comput. Syst. 109, 197–209 (2020)CrossRef

14.

Kelly, T.P.: Arguing safety - a systematic approach to safety case management. Ph.D. thesis, University of York (1998)

15.

Muckin, M., Fitch, S.C.: A Threat-Driven Approach to Cyber Security. Lockheed Martin Corporation (2014)

16.

Toulmin, S.E.: The Uses of Argument, 2nd edn. Cambridge University Press, Cambridge (2003). https://doi.org/10.1017/CBO9780511840005CrossRef

17.

Wikipedia: Autonomous cargo ship—Wikipedia, the free encyclopedia (2023). https://en.wikipedia.org/wiki/Autonomous_cargo_ship. Accessed 29 Apr 2023

Title: Patterns for Integrating NIST 800-53 Controls into Security Assurance Cases
Authors: Torin Viger
Simon Diemert
Olivia Foster
Publisher: Springer Nature Switzerland
Book: Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops
Print ISBN: 978-3-031-40952-3

Electronic ISBN: 978-3-031-40953-0

Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-40953-0_14

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner