diff --git a/process/folder_templates/modules/module_name/docs/index.rst b/process/folder_templates/modules/module_name/docs/index.rst index 026649f587..8e453d9bfb 100644 --- a/process/folder_templates/modules/module_name/docs/index.rst +++ b/process/folder_templates/modules/module_name/docs/index.rst @@ -21,5 +21,6 @@ Module Documents manual/index.rst safety_mgt/index.rst + security_mgt/index.rst verification/module_verification_report.rst release/release_note.rst diff --git a/process/folder_templates/modules/module_name/docs/manual/index.rst b/process/folder_templates/modules/module_name/docs/manual/index.rst index 08ba1a6e1a..df20dd55a3 100644 --- a/process/folder_templates/modules/module_name/docs/manual/index.rst +++ b/process/folder_templates/modules/module_name/docs/manual/index.rst @@ -19,3 +19,4 @@ Manuals :titlesonly: safety_manual + security_manual diff --git a/process/process_areas/security_management/guidance/security_management_security_manual_template.rst b/process/folder_templates/modules/module_name/docs/manual/security_manual.rst similarity index 67% rename from process/process_areas/security_management/guidance/security_management_security_manual_template.rst rename to process/folder_templates/modules/module_name/docs/manual/security_manual.rst index 2d40afc0ae..8c29601853 100644 --- a/process/process_areas/security_management/guidance/security_management_security_manual_template.rst +++ b/process/folder_templates/modules/module_name/docs/manual/security_manual.rst 
@@ -12,18 +12,26 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* -Security Manual Template -========================= +Security Manual +=============== -.. gd_temp:: Security Manual Template - :id: gd_temp__security_manual - :status: valid - :complies: +.. note:: Document header - Will be moved to Folder Templates (tbd https://github.com/eclipse-score/process_description/issues/109) - For the content see here: need:`doc__module_name_security_manual` - Will also adapted to the latest Safety ManualTemplate +.. document:: [Your Module Name] Security Manual + :id: doc__module_name_security_manual + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__module_security_manual + :tags: template +.. attention:: + The above directive must be updated according to your Module. + + - Modify ``Your Module Name`` to be your Module Name + - Modify ``id`` to be your Module Name in upper snake case preceded by ``doc__`` and succeeded by ``_security_manual`` + - Adjust ``status`` to be ``valid`` + - Adjust ``security`` and ``tags`` according to your needs Introduction/Scope ------------------ @@ -39,7 +47,9 @@ Assumptions of Use Assumptions on the Environment ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -| Generally the assumption of the Project platform OoC is that it is integrated in a secure system, i.e. the POSIX OS it runs on is qualified and also the HW related failures are taken into account by the system integrator, if not otherwise stated in the module's security concept. +| The platform and its components are developed as Out of Context (OoC) with assumptions on the environment. + It is assumed that the platform/components are integrated in a secure system, i.e. qualified POSIX OS. + Also the HW related failures are taken into account by the system integrator, if not otherwise stated in the module's security concept. | List of AoUs expected from the environment the platform / module runs on: 
@@ -58,12 +68,12 @@ List of AoUs expected from the environment the platform / module runs on: Assumptions on the User ^^^^^^^^^^^^^^^^^^^^^^^ -| As there is no assumption on which specific OS and HW is used, the integration testing of the stakeholder and feature requirements is expected to be performed by the user of the platform EooC. Tests covering all stakeholder and feature requirements performed on a reference platform (tbd link to reference platform specification), reviewed and passed are included in the platform EooC security package. +| As there is no assumption on which specific OS and HW is used, the integration testing of the stakeholder and feature requirements is expected to be performed by the user of the platform OoC. Tests covering all stakeholder and feature requirements performed on a reference platform (tbd link to reference platform specification), reviewed and passed are included in the platform OoC security package. | Additionally the components of the platform may have additional specific assumptions how they are used. These are part of every module documentation: . Assumptions from components to their users can be fulfilled in two ways: | 1. There are assumption which need to be fulfilled by all SW components, e.g. "every user of an IPC mechanism needs to make sure that he provides correct data (e.g. including appropriate security (access) control)" - in this case the AoU is marked as "platform". -| 2. There are assumption which can be fulfilled by a security control realized by some other Project platform component and are therefore not relevant for an user who uses the whole platform. But those are relevant if you chose to use the module EooC stand-alone - in this case the AoU is marked as "module". An example would be the "JSON read" which requires "The user shall provide a string as input which is not corrupted due to HW or QM SW errors." - which is covered when using together with safe platform persistency feature. +| 2. 
There are assumption which can be fulfilled by a security control realized by some other Project platform component and are therefore not relevant for an user who uses the whole platform. But those are relevant if you chose to use the module OcC stand-alone - in this case the AoU is marked as "module". An example would be the "JSON read" which requires "The user shall provide a string as input which is not corrupted due to HW or QM SW errors." - which is covered when using together with safe platform persistency feature. -List of AoUs on the user of the platform features or the module of this security manual: +List of AoUs on the user of the platform features or the module of this Security Manual: .. needtable:: :style: table @@ -83,7 +93,7 @@ Security concept of the OoC Security Weaknesses, Vulnerabilities ------------------------------------ -| Weaknesses, Vulnerabilities (bugs in security relevant SW, detected by testing or by users, which could not be fixed) known before release are documented in the platform/module release notes . +| Weaknesses, vulnerabilities (bugs in security relevant SW, detected by testing or by users, which could not be fixed) known before release are documented in the platform/module release notes . References ---------- diff --git a/process/folder_templates/modules/module_name/docs/safety_mgt/module_safety_plan.rst b/process/folder_templates/modules/module_name/docs/safety_mgt/module_safety_plan.rst index e37d71a224..98ba039b1c 100644 --- a/process/folder_templates/modules/module_name/docs/safety_mgt/module_safety_plan.rst +++ b/process/folder_templates/modules/module_name/docs/safety_mgt/module_safety_plan.rst @@ -12,8 +12,8 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* -Module Safety Plan -****************** +Safety Plan +*********** .. note:: Document header 
diff --git a/process/folder_templates/modules/module_name/docs/security_mgt/index.rst b/process/folder_templates/modules/module_name/docs/security_mgt/index.rst new file mode 100644 index 0000000000..49998d3c7b --- /dev/null +++ b/process/folder_templates/modules/module_name/docs/security_mgt/index.rst @@ -0,0 +1,23 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Management +################### + +.. toctree:: + :titlesonly: + + module_security_plan + module_security_plan_fdr + module_security_package_fdr diff --git a/process/process_areas/security_management/guidance/security_management_checklist_security_package.rst b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_package_fdr.rst similarity index 63% rename from process/process_areas/security_management/guidance/security_management_checklist_security_package.rst rename to process/folder_templates/modules/module_name/docs/security_mgt/module_security_package_fdr.rst index 0b60ab029d..b498b36ee4 100644 --- a/process/process_areas/security_management/guidance/security_management_checklist_security_package.rst +++ b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_package_fdr.rst 
@@ -12,17 +12,31 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* -Security Package Formal Review Checklist -======================================== +Security Package Formal Review Report +===================================== + +.. note:: Document header + +.. document:: [Your Module Name] Security Package Formal Review + :id: doc__module_name_security_package_fdr + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: template + +.. attention:: + The above directive must be updated according to your Module. + + - Modify ``Your Module Name`` to be your Module Name + - Modify ``id`` to be your Module Name in upper snake case preceded by ``doc_`` and succeeded by ``safety_package_fdr`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety`` and ``tags`` according to your needs -.. gd_chklst:: Security Package Formal Review Checklist - :id: gd_chklst__security_package - :status: valid - :complies: std_req__isosae21434__prj_management_6471, std_req__isosae21434__prj_management_6491, std_req__isosae21434__prj_management_6492 **1. Purpose** -The purpose of this review checklist is to report status of the formal review for the security package. +The purpose of this review checklist is to report status of the formal review for the Security Package. **2. Checklist** 
@@ -32,17 +46,17 @@ See also :ref:`review_concept` for further information about reviews in general :header-rows: 1 * - Id - - Security package activity + - Security Package activity - Compliant to ISO SAE 21434? - Comment * - 1 - - Is a security package provided which matches the security plan (i.e. all planned work products referenced)? + - Is a Security Package provided which matches the Security Plan (i.e. all planned work products referenced)? - [YES | NO ] - * - 2 - - Is the argument how security is achieved, provided in the security package, plausible and sufficient? + - Is the argument how security is achieved, provided in the Security Package, plausible and sufficient? - NO - The argument is intentionally not provided by the Project. @@ -52,9 +66,9 @@ See also :ref:`review_concept` for further information about reviews in general - * - 4 - - Are the referenced work products in released state, including the process security audit? + - Are the referenced work products in released state, including the Process Security Audit? - NO - - Security audit is currently not planned, tailored out. + - Security Audit is currently not planned, tailored out. * - 5 - If security related deviations from the process or security concept are documented, are these argued understandably? diff --git a/process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan.rst similarity index 88% rename from process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst rename to process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan.rst index 6a93f8594d..7ec80ff1f7 100644 --- a/process/process_areas/security_management/guidance/security_management_module_security_plan_template.rst +++ b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan.rst 
@@ -12,18 +12,26 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* -Module Security Plan Template -============================= +Security Plan +============= -.. gd_temp:: Module Security Plan Template - :id: gd_temp__module_security_plan - :status: valid - :complies: +.. note:: Document header - Will be moved to Folder Templates (tbd https://github.com/eclipse-score/process_description/issues/109) - For the content see here: need:`doc__module_name_security_plan` - Will also adapted to the latest Safety Plan Template +.. document:: [Your Module Name] Security Plan + :id: doc__module_name_security_plan + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__module_security_plan + :tags: template +.. attention:: + The above directive must be updated according to your Module. + + - Modify ``Your Module Name`` to be your Module Name + - Modify ``id`` to be your Module Name in upper snake case preceded by ``doc_`` and succeeded by ``security_plan`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety`` and ``tags`` according to your needs | **1. Security Management Context** @@ -31,7 +39,7 @@ Module Security Plan Template | | **2. Security Management Scope** | This Security Plan's scope is a SW module of the SW platform /index.rst>. - | The module consists of one or more SW components and will be qualified as a EooC. + | The module consists of one or more SW components and will be qualified as a OoC. | | **3. Security Management Roles** 
@@ -74,21 +82,21 @@ Module Security Plan Template - - - * - :need:`wp__fdr_reports` (module Security Plan) + * - :need:`wp__fdr_reports` (Module Security Plan) - :need:`gd_chklst__security_plan` - - - - - * - :need:`wp__fdr_reports` (module Security Package) + * - :need:`wp__fdr_reports` (Module Security Package) - :need:`Security Package Formal Review Checklist ` - - - - - * - :need:`wp__fdr_reports` (module's Security Analyses) + * - :need:`wp__fdr_reports` (Module's Security Analyses) - Security Analysis FDR tbd - - @@ -110,7 +118,7 @@ Module Security Plan Template - * - :need:`wp__module_security_manual` - - :need:`gd_temp__security_manual` + - :need:`gd_temp__module_security_manual` - - - diff --git a/process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan_fdr.rst similarity index 51% rename from process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst rename to process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan_fdr.rst index 623b1d4fea..acf5969dc0 100644 --- a/process/process_areas/security_management/guidance/security_management_checklist_security_plan.rst +++ b/process/folder_templates/modules/module_name/docs/security_mgt/module_security_plan_fdr.rst 
@@ -12,17 +12,31 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* -Security Plan Review Checklist -============================== +Security Plan Formal Review Report +================================== -.. gd_chklst:: Security Plan Review Checklist - :id: gd_chklst__security_plan - :status: valid - :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 +.. note:: Document header + +.. document:: [Your Module Name] Security Plan Formal Review + :id: doc__module_name_security_plan_fdr + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: template + +.. attention:: + The above directive must be updated according to your Module. + + - Modify ``Your Module Name`` to be your Module Name + - Modify ``id`` to be your Module Name in upper snake case preceded by ``doc_`` and succeeded by ``_security_plan_fdr`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety`` and ``tags`` according to your needs **1. 
Purpose** -The purpose of this security plan review checklist is to report status of the review for the security plan. +The purpose of this review checklist is to provide a guidence for reviewing the Security Plans for each module. +Each Module Security Plan shall have one checklist filled. **2. Checklist** @@ -32,12 +46,12 @@ See also :ref:`review_concept` for further information about reviews in general :header-rows: 1 * - Id - - Security plan activity + - Security Plan activity - Compliant to ISO SAE 21434? - Comment * - 1 - - Is the rationale for the security work products tailoring included? + - Is the rationale for the Security Work Products tailoring included? - [YES | NO ] - 
@@ -47,47 +61,47 @@ See also :ref:`review_concept` for further information about reviews in general - * - 3 - - Does the security plan define all needed activities for security management (incl. Review and Security Audit)? + - Does the Security Plan define all needed activities for security management (including review and security audit)? - [YES | NO ] - * - 4 - - Does the security plan define all needed activities for SW development, integration and verification? + - Does the Security Plan define all needed activities for SW development, integration and verification? - [YES | NO ] - * - 5 - - Does the security plan define all needed activities for security analysis? + - Does the Security Plan define all needed activities for security analysis? - [YES | NO ] - * - 6 - - Does the security plan define all needed activities for supporting processes (incl. tool mgt)? + - Does the Security Plan define all needed activities for supporting processes (incl. tool mgt)? - [YES | NO ] - * - 7 - - Does the security plan document a responsible for all activities? + - Does the Security Plan document a responsible for all activities? - [YES | NO ] - * - 8 - - If Off-the-shelf (e.g. existing OSS) software components is used, is it planned to be analysed? + - If OSS software components is used, is it planned to be qualified? - [YES | NO ] - * - 9 - - Is a security manager and a project lead appointed for the project? + - Is a Security Manager and a Project Lead appointed for the project? - [YES | NO ] - * - 10 - - Is security plan sufficiently linked to the project plan? + - Is Security Plan sufficiently linked to the Project Plan? - [YES | NO ] - * - 11 - - Is security plan updated iteratively to show the progress? + - Is Security Plan updated iteratively to show the progress? - [YES | NO ] - 
@@ -97,14 +111,14 @@ See also :ref:`review_concept` for further information about reviews in general - * - 13 - - Does the security plan define all needed activities for SBOM generation? + - Does the Security Plan define all needed activities for SBOM generation? - [YES | NO ] - * - 14 - - Does the security plan define regular vulnerability scans for the generated SBOM? + - Does the Security Plan define regular vulnerability scans for the generated SBOM? - [YES | NO ] - .. note:: - Off-the-shelf means existing software which may used w/o modification, e.g. existing OSS + Off-the-shelf means existing software which may used without modification, e.g. existing OSS diff --git a/process/folder_templates/platform/index.rst b/process/folder_templates/platform/index.rst index 721fb404de..ea78b48533 100644 --- a/process/folder_templates/platform/index.rst +++ b/process/folder_templates/platform/index.rst @@ -22,5 +22,10 @@ Platform safety_analysis/platform_dfa.rst requirements/stakeholder/chklst_req_inspection.rst - safety_planning/index.rst + safety_planning/platform_safety_plan.rst safety_planning/platform_safety_analysis_fdr.rst + security_analysis/platform_security_manual.rst + security_analysis/platform_security_analysis_fdr.rst + security_analysis/platform_security_package_fdr.rst + security_planning/platform_security_plan.rst + security_planning/platform_security_plan_fdr.rst diff --git a/process/folder_templates/platform/safety_planning/platform_safety_analysis_fdr.rst b/process/folder_templates/platform/safety_planning/platform_safety_analysis_fdr.rst index e970585690..fdd8f6dbba 100644 --- a/process/folder_templates/platform/safety_planning/platform_safety_analysis_fdr.rst +++ b/process/folder_templates/platform/safety_planning/platform_safety_analysis_fdr.rst 
@@ -13,8 +13,8 @@ # ******************************************************************************* -Safety Analysis Checklist -========================= +Platform Safety Analysis Checklist +================================== .. document:: [Your Platform Name] Safety Analysis Checklist :id: doc__platform_name_safety_analysis_fdr diff --git a/process/folder_templates/platform/safety_planning/index.rst b/process/folder_templates/platform/safety_planning/platform_safety_plan.rst similarity index 98% rename from process/folder_templates/platform/safety_planning/index.rst rename to process/folder_templates/platform/safety_planning/platform_safety_plan.rst index f00f27e757..4eac6b0394 100644 --- a/process/folder_templates/platform/safety_planning/index.rst +++ b/process/folder_templates/platform/safety_planning/platform_safety_plan.rst @@ -14,8 +14,8 @@ .. _platform_safety_plan_template: -Safety Planning -############### +Platform Safety Planning +######################## .. document:: Platform Safety Plan :id: doc__platform_safety_plan diff --git a/process/folder_templates/platform/security_analysis/platform_security_analysis_fdr.rst b/process/folder_templates/platform/security_analysis/platform_security_analysis_fdr.rst new file mode 100644 index 0000000000..76ce8788b7 --- /dev/null +++ b/process/folder_templates/platform/security_analysis/platform_security_analysis_fdr.rst 
@@ -0,0 +1,41 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Platform Security Analysis Checklist +==================================== + +.. document:: [Your Platform Name] Security Analysis Checklist + :id: doc__platform_name_security_analysis_fdr + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: template + +.. attention:: + The above directive must be updated according to your Platform. + + - Modify ``Your Platform Name`` to be your Platform Name + - Modify ``id`` to be your Platform Name in lower snake case preceded by ``doc__`` and followed by ``_security_analysis_fdr`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety``, ``security`` and ``tags`` according to your needs + + +**Purpose** +The purpose of this Security Analysis Checklist template is to collect the topics to be checked during verification of the Security Analysis. + +**Checklist** + +To be filled as part of https://github.com/eclipse-score/process_description/issues/452. diff --git a/process/folder_templates/platform/security_analysis/platform_security_manual.rst b/process/folder_templates/platform/security_analysis/platform_security_manual.rst new file mode 100644 index 0000000000..8aceb38d33 --- /dev/null +++ b/process/folder_templates/platform/security_analysis/platform_security_manual.rst 
@@ -0,0 +1,94 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Platform Security Manual +======================== + +.. note:: Document header + +.. document:: Platform Security Manual + :id: doc__platform_security_manual + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__platform_security_manual + :tags: template + +Introduction/Scope +------------------ +.. note:: The Platform Security Manual is only performed once at platform level to analyse the dependencies between the features of the platform. + The results shall be used as an input for the security analysis so that general security mechanisms are only defined once and not in every single security analysis. + +Assumed Platform Security Requirements +-------------------------------------- +| For the the following security related stakeholder requirements are assumed to define the top level functionality (purpose) of the . i.e. from these all the feature and component requirements implemented are derived. +| + +Assumptions of Use +------------------ + +Assumptions on the Environment +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +| The platform and its components are developed as Out of Context (OoC) with assumptions on the environment. + It is assumed that the platform/components are integrated in a secure system, i.e. qualified POSIX OS. 
+ Also the HW related failures are taken into account by the system integrator, if not otherwise stated in the module's security concept. +| + +List of AoUs expected from the environment the platform / module runs on: + +.. needtable:: + :style: table + :columns: title;id;status + :colwidths: 25,25,25 + :sort: title + + results = [] + + for need in needs.filter_types(["aou_req"]): + if need and "environment" in need["tags"]: + results.append(need) + +Assumptions on the User +^^^^^^^^^^^^^^^^^^^^^^^ +| As there is no assumption on which specific OS and HW is used, the integration testing of the stakeholder and feature requirements is expected to be performed by the user of the platform OoC. Tests covering all stakeholder and feature requirements performed on a reference platform (tbd link to reference platform specification), reviewed and passed are included in the platform OoC security package. +| Additionally the components of the platform may have additional specific assumptions how they are used. These are part of every module documentation: . Assumptions from components to their users can be fulfilled in two ways: +| 1. There are assumption which need to be fulfilled by all SW components, e.g. "every user of an IPC mechanism needs to make sure that he provides correct data (e.g. including appropriate security (access) control)" - in this case the AoU is marked as "platform". +| 2. There are assumption which can be fulfilled by a security control realized by some other Project platform component and are therefore not relevant for an user who uses the whole platform. But those are relevant if you chose to use the module OoC stand-alone - in this case the AoU is marked as "module". An example would be the "JSON read" which requires "The user shall provide a string as input which is not corrupted due to HW or QM SW errors." - which is covered when using together with safe platform persistency feature. 
+ +List of AoUs on the user of the platform features or the module of this Security Manual: + +.. needtable:: + :style: table + :columns: title;id;status + :colwidths: 25,25,25 + :sort: title + + results = [] + + for need in needs.filter_types(["aou_req"]): + if need and "environment" not in need["tags"]: + results.append(need) + +Security concept of the OoC +---------------------------- +| + +Security Weaknesses, Vulnerabilities +------------------------------------ +| Weaknesses, vulnerabilities (bugs in security relevant SW, detected by testing or by users, which could not be fixed) known before release are documented in the platform/module release notes . + +References +---------- +| +| diff --git a/process/folder_templates/platform/security_analysis/platform_security_package_fdr.rst b/process/folder_templates/platform/security_analysis/platform_security_package_fdr.rst new file mode 100644 index 0000000000..91e36789f2 --- /dev/null +++ b/process/folder_templates/platform/security_analysis/platform_security_package_fdr.rst 
@@ -0,0 +1,41 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Platform Security Package Checklist +=================================== + +.. document:: [Your Platform Name] Security Package Checklist + :id: doc__platform_name_security_package_fdr + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: template + +.. attention:: + The above directive must be updated according to your Platform. + + - Modify ``Your Platform Name`` to be your Platform Name + - Modify ``id`` to be your Platform Name in lower snake case preceded by ``doc__`` and followed by ``_security_package_fdr`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety``, ``security`` and ``tags`` according to your needs + + +**Purpose** +The purpose of this Platform Security Package Checklist template is to collect the topics to be checked during verification of the Platform Security Package. + +**Checklist** + +To be filled as part of https://github.com/eclipse-score/process_description/issues/452. diff --git a/process/folder_templates/platform/security_planning/platform_security_plan.rst b/process/folder_templates/platform/security_planning/platform_security_plan.rst new file mode 100644 index 0000000000..46b2a45c1b --- /dev/null +++ b/process/folder_templates/platform/security_planning/platform_security_plan.rst 
@@ -0,0 +1,160 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _platform_security_plan_template: + +Platform Security Planning +########################## + +.. document:: Platform Security Plan + :id: doc__platform_security_plan + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__platform_security_plan + :tags: template + +.. attention:: + The above directive must be updated according to your Platform. + + - Adjust ``status`` to be ``valid`` + - Adjust ``safety``, ``security`` and ``tags`` according to your needs + + +:note: The Security Management Plan shall be continuously maintained during the project. Deviations to the Platform Plan should be documented here. + + +Security Management / Platform Security Plan +-------------------------------------------- + +Purpose ++++++++ + +Description of the purpose of the security management plan. + +Objectives and Scope +++++++++++++++++++++ + +Security Management Goals +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Description of the security management goals. + +Security Management Scope +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Description of the security management scope. + +Tailoring +^^^^^^^^^ + +Description of the tailoring of security activities in the project. + +Approach +++++++++ + +Security Culture +^^^^^^^^^^^^^^^^ + +Description of the security culture in the project. 
+ +Security Management Organization +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Description of the organization of the security management in the project. + +*Eclipse Roles* + +Description of the Eclipse foundation roles relevant for security management. + +*Project Roles* + +Description of the project roles relevant for security management. + +*Critical dependencies* + +Description of critical dependencies relevant for security management. + +*Risk* + +Description of risks relevant for security management. + +*Skills* + +Description of skills relevant for security management. + +Security Resources +^^^^^^^^^^^^^^^^^^ + +Description of the resources relevant for security management. + +Security Management Communication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Description of the communication relevant for security management. + +*Reporting* + +Description of reporting used for security management. + +*Escalation* + +Description of escalation path used for security management. + +Security Management Life Cycle +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Description of the security management life cycle. + +Security Requirements +^^^^^^^^^^^^^^^^^^^^^ + +Description of security requirements. + +Security Schedule +^^^^^^^^^^^^^^^^^ +Description of the security schedule. + +Security SW Development +^^^^^^^^^^^^^^^^^^^^^^^ +Description of the security development. + +Security Verification +^^^^^^^^^^^^^^^^^^^^^ +Description of the security verification. + +Security Tool Management +^^^^^^^^^^^^^^^^^^^^^^^^ +Description of the security tool management. + +Security Work Products +^^^^^^^^^^^^^^^^^^^^^^ +Description of the security work products. + +Security Quality Criteria +^^^^^^^^^^^^^^^^^^^^^^^^^ +Description of the security quality criteria. + +Platform Security Plan +++++++++++++++++++++++ + +Security Specific SW Platform Work Products +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +List of all relevant security management work products for the platform project. 
+ +Security Management Feature Specific Work Products +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +List of all relevant security management work products at feature level. diff --git a/process/folder_templates/platform/security_planning/platform_security_plan_fdr.rst b/process/folder_templates/platform/security_planning/platform_security_plan_fdr.rst new file mode 100644 index 0000000000..0921112345 --- /dev/null +++ b/process/folder_templates/platform/security_planning/platform_security_plan_fdr.rst 
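Review bot: `:note: The Security Management Plan shall be continuously maintained ...` at document top level is an RST field list, not an admonition, and will render as a bare field; the sibling templates in this change use `.. note::` / `.. attention::` directives, so use `.. note::` here. The sentence "Deviations to the Platform Plan should be documented here." is the module-plan wording and makes no sense inside the platform plan itself; reword it to refer to deviations from the process description (or drop it). Minor: the title underline `##########################` differs from the `=====` used by the other platform templates, and "Security Management / Platform Security Plan" followed later by a third-level "Platform Security Plan" heading is confusing; consider renaming the inner one to "Platform Specific Work Products".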
@@ -0,0 +1,41 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + + +Platform Security Plan Formal Review Report +=========================================== + +.. document:: [Your Platform Name] Security Analysis Checklist + :id: doc__platform_name_security_plan_fdr + :status: draft + :safety: ASIL_B + :security: YES + :realizes: wp__fdr_reports + :tags: template + +.. attention:: + The above directive must be updated according to your Platform. + + - Modify ``Your Platform Name`` to be your Platform Name + - Modify ``id`` to be your Platform Name in lower snake case preceded by ``doc__`` and followed by ``_security_plan_fdr`` + - Adjust ``status`` to be ``valid`` + - Adjust ``safety`` and ``tags`` according to your needs + + +**Purpose** +The purpose of this Security Plan Checklist template is to collect the topics to be checked during verification of the Platform Security Plan. + +**Checklist** + +Further details to be filled during https://github.com/eclipse-score/process_description/issues/452 diff --git a/process/process_areas/safety_management/safety_management_concept.rst b/process/process_areas/safety_management/safety_management_concept.rst index 6de327cf19..534300500f 100644 --- a/process/process_areas/safety_management/safety_management_concept.rst +++ b/process/process_areas/safety_management/safety_management_concept.rst 
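Review bot: the `.. document::` title "[Your Platform Name] Security Analysis Checklist" contradicts both the page heading "Platform Security Plan Formal Review Report" and the purpose text ("Security Plan Checklist template"); rename it to "[Your Platform Name] Security Plan Formal Review Checklist". The attention list says "Adjust ``safety`` and ``tags``" but the directive also carries `:security: YES` (the package checklist template lists all three), and as with the package template the "Checklist" body is a placeholder pointing at issue 452, so `:status: draft` should stay until that lands.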
@@ -72,6 +72,10 @@ Stakeholders * Performing safety related development * Create Component Classification +#. :need:`Security Manager ` + + * Supports activities + #. :need:`External Auditor ` * Perform Safety Audit as independent safety audits @@ -99,6 +103,6 @@ Safety Management Tooling For the safety planning and safety manual a “Docs-as-Code” approach is used and within that approach Id will be used for referencing. -For the activities planning (who, when) we use a Issue Tracking System to create and manage issues, and monitor progress through a project management dashboard. +For the activities planning (who, when) we use :need:`wp__issue_track_system` to create and manage issues, and monitor progress through a project management dashboard. For the reporting (e.g. displaying the status of the work products) additional tooling is created. diff --git a/process/process_areas/safety_management/safety_management_roles.rst b/process/process_areas/safety_management/safety_management_roles.rst index c8768d6d5a..988cd1450c 100644 --- a/process/process_areas/safety_management/safety_management_roles.rst +++ b/process/process_areas/safety_management/safety_management_roles.rst @@ -69,7 +69,6 @@ Roles * Refusing the approval of work products as defined in the workflows * Refusing the approval of his team's role nomination (i.e. requesting that the role will be withdrawn) - .. role:: External Auditor :id: rl__external_auditor :status: valid diff --git a/process/process_areas/safety_management/safety_management_workflow.rst b/process/process_areas/safety_management/safety_management_workflow.rst index 54714e65fe..0fac6ae24a 100644 --- a/process/process_areas/safety_management/safety_management_workflow.rst +++ b/process/process_areas/safety_management/safety_management_workflow.rst 
@@ -125,7 +125,7 @@ Safety Management Workflows :input: wp__platform_mgmt, wp__issue_track_system, wp__sw_component_class, wp__safety_tailoring :output: wp__issue_track_system :contains: gd_temp__change_component_request, gd_temp__change_decision_record, gd_temp__change_impact_analysis - :has: doc_concept__safety_management_process + :has: doc_concept__safety_management_process, doc_getstrt__safety_management_process | In accordance with ISO 26262-2:2018 section 5.2.2.3 d/e (Impact Analysis), the project implements a dedicated workflow for analyzing change requests. | The Safety Manager is responsible for ensuring that each change request is analyzed for its impact on safety, as required by ISO 26262-2:2018. diff --git a/process/process_areas/security_management/guidance/checklist_security_package.rst b/process/process_areas/security_management/guidance/checklist_security_package.rst new file mode 100644 index 0000000000..49200a831d --- /dev/null +++ b/process/process_areas/security_management/guidance/checklist_security_package.rst 
@@ -0,0 +1,23 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Package Formal Review Checklist +======================================== + +.. gd_chklst:: Security Package Formal Review Checklist + :id: gd_chklst__security_package + :status: valid + :complies: std_req__isosae21434__prj_management_6471, std_req__isosae21434__prj_management_6491, std_req__isosae21434__prj_management_6492 + + For the content see here: :need:`doc__module_name_security_package_fdr` diff --git a/process/process_areas/security_management/guidance/checklist_security_plan.rst b/process/process_areas/security_management/guidance/checklist_security_plan.rst new file mode 100644 index 0000000000..68a8698075 --- /dev/null +++ b/process/process_areas/security_management/guidance/checklist_security_plan.rst 
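Review bot: `gd_chklst__security_package` is declared `:status: valid` and claims compliance with `std_req__isosae21434__prj_management_6471`, `_6491` and `_6492`, but its only content link, `doc__module_name_security_package_fdr`, is not part of this change and the platform counterpart added here is explicitly unfilled; either keep this need in draft until issue 452 delivers the checklist items, or document that the compliance claim is carried by the referenced document. Also, checklist_security_plan.rst in this change defines both a platform and a module `gd_chklst`; add the matching platform entry here that references `doc__platform_name_security_package_fdr`.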
@@ -0,0 +1,30 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Plan Formal Review Checklist +===================================== + +.. gd_chklst:: Platform Security Plan Formal Review Checklist + :id: gd_chklst__platform_security_plan + :status: valid + :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 + + For the content see here: :need:`doc__platform_name_security_plan_fdr` + +.. 
gd_chklst:: Module Security Plan Formal Review Checklist + :id: gd_chklst__security_plan + :status: valid + :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 + + For the content see here: :need:`doc__module_name_security_plan_fdr` diff --git a/process/process_areas/security_management/guidance/index.rst b/process/process_areas/security_management/guidance/index.rst index 1ac3787c36..16f720ff5b 100644 --- a/process/process_areas/security_management/guidance/index.rst +++ b/process/process_areas/security_management/guidance/index.rst @@ -19,9 +19,9 @@ Guidance :maxdepth: 1 security_management_guideline + security_plan_templates + security_manual_templates security_management_feature_security_wp_template - security_management_module_security_plan_template - security_management_security_manual_template - security_management_checklist_security_package - security_management_checklist_security_plan + checklist_security_package + checklist_security_plan security_management_process_reqs 
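Review bot: the ids are asymmetric: `gd_chklst__platform_security_plan` for the platform but `gd_chklst__security_plan` for the module, whereas security_plan_templates.rst in this change uses `gd_temp__platform_security_plan` / `gd_temp__module_security_plan`; rename the second to `gd_chklst__module_security_plan` so the checklist and template ids pair up. Both `:complies:` lists are verbatim copies of the same 22 `std_req__isosae21434__prj_management_*` ids (and repeated again in security_plan_templates.rst); a short comment naming the clause range (6.4.1 to 6.4.6) above each would make a missed id visible in review. `doc__module_name_security_plan_fdr` is referenced but not added or renamed in this change; confirm it exists so the `:need:` does not break the build.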
diff --git a/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst b/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst index e54241d008..5e41d0e9d7 100644 --- a/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst +++ b/process/process_areas/security_management/guidance/security_management_feature_security_wp_template.rst @@ -12,6 +12,7 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* + Feature Security Work Products Template ======================================= @@ -21,4 +22,3 @@ Feature Security Work Products Template :complies: For the content see here: (tbd https://github.com/eclipse-score/process_description/issues/109) - ref:`feature_security_wp_template` diff --git a/process/process_areas/security_management/guidance/security_management_guideline.rst b/process/process_areas/security_management/guidance/security_management_guideline.rst index 82564beb67..cf25d93764 100644 --- a/process/process_areas/security_management/guidance/security_management_guideline.rst +++ b/process/process_areas/security_management/guidance/security_management_guideline.rst @@ -23,9 +23,7 @@ Security Management Guideline :complies: std_req__isosae21434__org_management_5421, std_req__isosae21434__org_management_5422, std_req__isosae21434__org_management_5423, std_req__isosae21434__org_management_5443, std_req__isosae21434__org_management_5451, std_req__isosae21434__org_management_5461, std_req__isosae21434__continual_8321, std_req__isosae21434__continual_8322, std_req__aspice_40__iic-14-55 - **Overall security management:** - - Security culture: + **Security Culture:** Security culture is planned to grow in the SW platform. This shall be fostered by doing a lessons learned after each feature development completion, 
@@ -36,32 +34,32 @@ Security Management Guideline are defined with experience of several companies already performing successful safe and secure SW development. This also improves independence of reviews for the process definitions. - Quality Management: + **Quality Management:** ASPICE standard is selected for quality management. Processes will always link to the :ref:`standard_isosae21434` standard and to the :ref:`standard_aspice_pam4` standard. - Competence management: + **Competence Management:** The :need:`rl__security_manager` on SW platform level is responsible to define a competence management for the whole platform. Expectation is that the security competence of the persons nominated for the roles is already given and only has to be checked. The exception from this are the committers, for these no security competence needs to be enforced. - So the module security managers shall consult the :need:`wp__platform_security_plan` and + So the Module Security Managers shall consult the :need:`wp__platform_security_plan` and perform accordingly in their module project. - Communication: + **Communication:** Development teams are interdisciplinary, so the regular (sprint) planning and review meetings enable communication (as defined in :need:`wp__platform_mgmt`). Another main communication means are the Pull Request reviews. Also the standard Eclipse Foundation communication strategies are used (e.g. mailing lists) - Security Weaknesses, Vulnerabilities: + **Security Weaknesses, Vulnerabilities:** As the SW platform organization does not have own vehicles in the field, it relies on feedback from OEMs and Distributors on bugs discovered in the field. The need for this feedback is part - of each security manual. But also during development of change requests to existing features, + of each Security Manual. 
But also during development of change requests to existing features, bug reporting by the Open Source community or integration of existing SW components into new features may lead to the discovery of new security weaknesses and vulnerabilities. Security weaknesses and vulnerabilities can also be deviations from the development process with impact @@ -72,20 +70,20 @@ Security Management Guideline via the :need:`wp__issue_track_system` (which is also Open Source). - **Tailoring security activities:** + **Tailoring Security Activities:** Main tailoring driver is that the SW platform is pure SW development and is provided as "(component) OoC" - this explains mainly the generic, platform wide tailoring. Tailoring is done for the whole SW platform by defining only the relevant work products and an argumentation why the others are not needed in :ref:`standard_isosae21434` and :need:`wp__platform_security_plan`. But there may be also additional tailoring for each module/component OoC development to restrict further - the work products. This is documented in every module security plan. Here the usage of already + the work products. This is documented in every Module Security plan. Here the usage of already existing components is the main tailoring driver. - **Planning security activities:** + **Planning Security Activities:** - In the security plan the nomination of the security manager and the project lead is documented. + In the Security Plan the nomination of the Security Manager and the Project Lead is documented. The planning of security activities is done using issues in the :need:`wp__issue_track_system` as specified in the :need:`wp__platform_mgmt`. 
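Review bot: "This is documented in every Module Security plan." leaves "plan" lowercase while the rest of this hunk capitalises the term ("In the Security Plan the nomination of the Security Manager and the Project Lead is documented."); use "Module Security Plan" for consistency with the other renamed occurrences.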
@@ -106,12 +104,12 @@ Security Management Guideline A template exists to guide this: :need:`gd_temp__module_security_plan`. - **Planning supporting processes:** + **Planning Supporting Processes:** Supporting processes (Requirements Management, Configuration Management, Change Management, Documentation Management, Tool Management) are planned within the :need:`wp__platform_mgmt` - **Planning integration and verification:** + **Planning Integration and Verification:** Integration on the target hardware is not done in the scope of the SW platform project, but SW/SW integration up to the feature level is performed and its test results are part of the @@ -124,22 +122,24 @@ Security Management Guideline * :need:`wp__verification_feat_int_test` * :need:`wp__verification_platform_int_test` - Verification planning is documented in :need:`wp__verification_plan` - + Verification planning is documented in :need:`wp__verification_plan`. + Any unspecified functions, such as code for debugging or instrumentation, must either be deactivated + or removed prior to release, unless their presence does not affect security compliance. - **Scheduling of reviews, audit and assessment:** + **Scheduling of Reviews, Audit and Assessment:** Scheduling is done in the same way as for all work products definition by issues. - The respective work products are :need:`wp__fdr_reports_security` and :need:`wp__audit_report_security` + The respective work products are :need:`wp__fdr_reports_security`, and :need:`wp__audit_report_security` - **Planning of security analyses:** + **Planning of Security Analyses:** In cases where the components consist of sub-components there will be more than one architecture level. Security analysis will then be done on these multiple levels. See the respective work products: + * platform level: :need:`wp__platform_security_analysis` * feature level: :need:`wp__feature_security_analysis` * component level: :need:`wp__sw_component_security_analysis` 
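Review bot: the added requirement "Any unspecified functions, such as code for debugging or instrumentation, must either be deactivated or removed prior to release, unless their presence does not affect security compliance." is not verifiable as written: the exception is open-ended, and nothing says who decides and where that decision is recorded. Suggest requiring that any debug or instrumentation code left in a release is listed (e.g. in the release note or security analysis) with the rationale, so the integrator can assess it, and that "deactivated" means not reachable in the release configuration rather than merely undocumented. The sentence also sits in the "Planning Integration and Verification" paragraph, while the topic belongs to development and release. Minor: the new comma in ":need:`wp__fdr_reports_security`, and :need:`wp__audit_report_security`" is a stray edit for a two-item list.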
@@ -148,7 +148,7 @@ Security Management Guideline **Provision of the confidence in the use of software tools:** Tool Management planning is part of the :need:`wp__platform_mgmt`. The respective work product - to be planned as an issue of the generic security plan is the :need:`wp__tool_verification_report`, + to be planned as an issue of the generic security plan is the :need:`wp__tool_verification_report`, which contains tool evaluation and if applicable qualification of the SW platform toolchain. Components developed in C++ and Rust will have different toolchains. Both will be qualified once for the SW platform. 
@@ -169,20 +169,22 @@ Security Management Guideline The :need:`Security Team ` is responsible for coordinating the resolution of vulnerabilities within the Project. -.. gd_guidl:: Security manual generation +.. gd_guidl:: Security Manual Generation :id: gd_guidl__security_manual :status: valid :complies: std_req__isosae21434__prj_management_6491, std_req__isosae21434__prj_management_6492 - The security manual collects several work products and adds some additional content mainly to + The Security Manual collects several work products and adds some additional content mainly to instruct the user of a OoC (in this project on platform and module level) to securely use it in the context of the user's OoC and requirements for post-development. Its main content is described in :need:`wp__platform_security_manual` and :need:`wp__module_security_manual`. - A template exists to guide the definition of the security manual on platform and module level (:need:`gd_temp__security_manual`). + A template exists to guide the definition of the security manual on platform and module level (:need:`doc__module_name_security_manual`). -.. gd_guidl:: Security package automated generation +.. gd_guidl:: Security Package Automated Generation :id: gd_guidl__security_package :status: valid :complies: std_req__isosae21434__prj_management_6471 - The security package shall be generated progressively and automatically compiling the work products. + The Security Package shall be generated progressively and automatically compiling the work products. + One of the checks to perform on the platform safety package is to check completeness of the + process compliance to standards, which can be seen from standard linkage charts in :ref:`external_standards`. diff --git a/process/process_areas/security_management/guidance/security_management_process_reqs.rst b/process/process_areas/security_management/guidance/security_management_process_reqs.rst index fbabb9a504..0d5e01cb3a 100644 
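Review bot: "One of the checks to perform on the platform safety package" in the Security Package guideline should read "security package"; this looks copied from the safety management guideline. In `gd_guidl__security_manual`, "A template exists to guide the definition of the security manual on platform and module level (:need:`doc__module_name_security_manual`)" links only the module document, although security_manual_templates.rst in this change introduces `gd_temp__platform_security_manual` and `gd_temp__module_security_manual`; link those two templates instead so the platform level is covered.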
--- a/process/process_areas/security_management/guidance/security_management_process_reqs.rst +++ b/process/process_areas/security_management/guidance/security_management_process_reqs.rst @@ -21,9 +21,9 @@ Security Management Process Requirements :status: valid :tags: done_automation, attribute, mandatory :satisfies: wf__cr_mt_security_plan - :complies: + :complies: std_req__isosae21434__prj_management_6429 - Security plans shall contain documents references where the status is derived automatically. + Security Plans shall contain documents references where the status is derived automatically. Note: This can be done by defining the document as a sphinx-need and using sphinx mechanisms. @@ -32,9 +32,9 @@ Security Management Process Requirements :status: valid :tags: prio_2_automation, attribute, mandatory :satisfies: wf__cr_mt_security_plan - :complies: + :complies: std_req__isosae21434__prj_management_6429 - Security plans shall contain work product references where the accumulated status is derived automatically. + Security Plans shall contain work product references where the accumulated status is derived automatically. Note: This can be done as for documents if the work product is a single sphinx-need. For work products collections (e.g. all requirements of a component) an accumulated status is needed (e.g. like "% valid state") diff --git a/process/process_areas/security_management/guidance/security_manual_templates.rst b/process/process_areas/security_management/guidance/security_manual_templates.rst new file mode 100644 index 0000000000..ee2ddc8264 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_manual_templates.rst 
@@ -0,0 +1,29 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Manual Templates +========================= +.. gd_temp:: Platform Security Manual Template + :id: gd_temp__platform_security_manual + :status: valid + :complies: std_req__isosae21434__development_10421, std_req__isosae21434__development_10422 + + For the content see here: :need:`doc__platform_security_manual` + +.. gd_temp:: Module Security Manual Template + :id: gd_temp__module_security_manual + :status: valid + :complies: std_req__isosae21434__development_10421, std_req__isosae21434__development_10422 + + For the content see here: :need:`doc__module_name_security_manual` diff --git a/process/process_areas/security_management/guidance/security_plan_templates.rst b/process/process_areas/security_management/guidance/security_plan_templates.rst new file mode 100644 index 0000000000..64a161ba09 --- /dev/null +++ b/process/process_areas/security_management/guidance/security_plan_templates.rst 
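Review bot: `gd_temp__platform_security_manual` references `doc__platform_security_manual`, but this change only relocates the module security manual template into folder_templates; no platform security manual document is added or renamed here, so confirm that need exists or the build will report an unknown reference.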
@@ -0,0 +1,30 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +Security Planning Templates +=========================== + +.. gd_temp:: Platform Security Plan Template + :id: gd_temp__platform_security_plan + :status: valid + :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 + + For the content see here: :need:`doc__platform_security_plan` + +.. 
gd_temp:: Module Security Plan Template + :id: gd_temp__module_security_plan + :status: valid + :complies: std_req__isosae21434__prj_management_6411, std_req__isosae21434__prj_management_6421, std_req__isosae21434__prj_management_6422, std_req__isosae21434__prj_management_6423, std_req__isosae21434__prj_management_6424, std_req__isosae21434__prj_management_6425, std_req__isosae21434__prj_management_6426, std_req__isosae21434__prj_management_6427, std_req__isosae21434__prj_management_6428, std_req__isosae21434__prj_management_6429, std_req__isosae21434__prj_management_64210, std_req__isosae21434__prj_management_64211, std_req__isosae21434__prj_management_6431, std_req__isosae21434__prj_management_6432, std_req__isosae21434__prj_management_6441, std_req__isosae21434__prj_management_6442, std_req__isosae21434__prj_management_6443, std_req__isosae21434__prj_management_6451, std_req__isosae21434__prj_management_6452, std_req__isosae21434__prj_management_6453, std_req__isosae21434__prj_management_6461, std_req__isosae21434__prj_management_6462 + + For the content see here: :need:`doc__module_name_security_plan` diff --git a/process/process_areas/security_management/security_management_concept.rst b/process/process_areas/security_management/security_management_concept.rst index 857a970233..988e3d86fb 100644 --- a/process/process_areas/security_management/security_management_concept.rst +++ b/process/process_areas/security_management/security_management_concept.rst 
@@ -22,17 +22,19 @@ Concept Description :status: valid :tags: security_management -In this section a concept for the Security Management will be discussed. Inputs for this concepts +In this section a concept for the security management will be discussed. Inputs for this concepts are mainly the requirements of ISO SAE 21434 Clause 5, 6 and 8. -The term security is used here synonymously for the term cybersecurity as defined in ISO SAE 21434. - +Key concept +*********** +The Security Management Plan establishes a comprehensive strategy for managing all identified security activities throughout the entire project life cycle. +It ensures that these activities are executed in a systematic, effective, and repeatable manner, providing clear guidance on responsibilities, processes, and control measures. +This approach supports risk mitigation, regulatory compliance, and continuous improvement, enabling the project team to maintain secrity standards consistently from initiation to completion. Inputs ****** -#. Stakeholders for the Security Management work products? -#. Who needs which information? +#. Stakeholders for the security management work products? #. Which security plans do we have? #. Which other work products of security management are important? #. What tooling do we need? 
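Review bot: typo in the new Key concept paragraph: "secrity standards" should be "security standards"; also "Inputs for this concepts" should be "this concept". The removed sentence "The term security is used here synonymously for the term cybersecurity as defined in ISO SAE 21434." is the only place the document scopes the term; keep it (it fits under Key concept), since the rest of the page uses "security" for 21434 cybersecurity throughout.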
@@ -41,18 +43,21 @@ Inputs Stakeholders for the Security Management **************************************** -#. :need:`Project Lead ` - - * approving security audit - * planning of development for platform/nodule projects - * status reporting of security activities - * approving security plan, security package - #. :need:`Security Manager ` * is the main responsible for the security management work products (as in :doc:`security_management_workproducts`). See also role definition in :doc:`security_management_roles`. +#. :need:`Security Engineer ` + + * is the main responsible for the security engineering work products (as in :doc:`../security_analysis/security_analysis_workproducts`). + See also role definition in :need:`Security Engineer `. + +#. :need:`Project Lead ` + + * is overall approver for security management activities. + * For more details refer the role definition in :need:`Project Lead `. + #. :need:`Committer ` * creates and maintains SBOM @@ -62,17 +67,10 @@ Stakeholders for the Security Management * reports weaknesses and vulnerabilities -#. :need:`External Auditor ` +#. :need:`External Security Auditor ` * understand activities planning, processes definition and execution (needs review, if we consider that) -#. "Distributor" (external role) - - * use the platform in a safe and secure way - * integrate the platform in their product (distribution) and security package - * plan this integration (also in time) - * qualify the SW platform as part of his product - #. :need:`Safety Manager ` * Supports activities 
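Review bot: dropping the "Distributor" external role from the stakeholder list conflicts with the Security Package description further down in this file, which still states the package "enables the distributors to integrate the SW platform (or its individual modules) in their Security Package"; keep the external role (it is the consumer of the Security Manual and Security Package) or reword that paragraph. The Project Lead bullets are collapsed to "is overall approver for security management activities", losing the explicit approvals of the security plan, security package and security audit; confirm the linked role definition lists them. Grammar: "For more details refer the role definition" should be "refer to the role definition".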
@@ -81,25 +79,11 @@ Stakeholders for the Security Management * Supports the creation and maintenance of the SBOM -#. :need:`Quality Manager ` - - * Supports training activities - - -Standard Requirements -===================== +Security Plans +************** -Also requirements of standards need to be taken into consideration: - -* ISO 26262 -* ASPICE -* ISO SAE 21434 - -Security Management Plans -************************* - -This SW platform project defines two levels of planning: platform and module. There will be one security plan on platform level and several security plans on module level (one for each module). -This is how we organize our development teams and repositories. Each of these security plan "creates" one component OoC. +This SW platform project defines two levels of planning: platform and module. There will be one Security Plan on platform level and several Security Plans on module level (one for each module). +This is how we organize our development teams and repositories. Each of these Security Plan "creates" one component OoC. The :need:`wp__platform_security_plan` exists only once and is part of the :need:`wp__platform_mgmt` of the development project. Security Management Work Products 
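Review bot: "Each of these Security Plan "creates" one component OoC." should read "Each of these Security Plans". The hunk also removes the Quality Manager ("Supports training activities") and the whole "Standard Requirements" section listing ISO 26262, ASPICE and ISO SAE 21434; the guideline still states that processes link to ISO SAE 21434 and ASPICE, so if the removal is intentional, say in the commit message where the standards input is now captured.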
@@ -107,15 +91,17 @@ Security Management Work Products Apart from the security plans the main work products of security management are (see also the link to workflows below): -* :need:`Security Manual ` - the security manual defines the requirements for safe and secure usage or integration of the SW platform (or its individual modules) -* :need:`Reviews ` - on security plan, security package and security analyses, according to ISO SAE 21434 requirements -* :need:`Security Package ` - the security package does not contain the security argumentation. By this the development project ensures it does not take over liability for the SW platform (or its individual modules). But it enables the distributors to integrate the SW platform (or its individual modules) in their security package. +* :need:`Security Manual ` - the Security Manual defines the requirements for safe and secure usage or integration of the SW platform (or its individual modules) +* :need:`Reviews ` - on Security Plan, Security Package and Security Analyses, according to ISO SAE 21434 requirements +* :need:`Security Package ` - the Security Package does not contain the security argumentation. By this the development project ensures it does not take over liability for the SW platform (or its individual modules). But it enables the distributors to integrate the SW platform (or its individual modules) in their Security Package. Security Management Tooling *************************** -For the security planning and security manual, "re-structured text" will be used for referencing. +For the security planning and security manual a “docs-as-code” approach is used and within that approach Id will be used for referencing. + +For the activities planning (who, when) we use :need:`wp__issue_track_system` to create and manage issues, and monitor progress through a project management dashboard. -For the activities planning and monitoring (who, when) we use :need:`wp__issue_track_system`. 
+Also, refer :need:`wf__mr_sec_analyses` for the monitoring of security analyses. For the reporting (e.g. displaying the status of the work products) additional tooling is created (see :doc:`guidance/security_management_process_reqs`). diff --git a/process/process_areas/security_management/security_management_getstrt.rst b/process/process_areas/security_management/security_management_getstrt.rst index bcc7ffd857..b92894f736 100644 --- a/process/process_areas/security_management/security_management_getstrt.rst +++ b/process/process_areas/security_management/security_management_getstrt.rst 
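Review bot: In the Security Management Tooling hunk, "within that approach Id will be used for referencing" does not say which identifiers are meant; spell out that the need IDs resolved by the :need: roles used throughout these pages are the reference mechanism, and name or link the "project management dashboard" so a reader can find it. "Also, refer :need:`wf__mr_sec_analyses` ..." should read "refer to", and that workflow id should be checked to exist, as no workflow with that id appears in the security_management_workflow.rst hunks of this patch. The replaced line used plain quotes while the new one wraps docs-as-code in typographic quotes; keep the page's ASCII quoting.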
@@ -20,11 +20,28 @@ Getting Started :status: valid :tags: security_management -In case you are appointed as a :need:`Security Manager ` by the -:need:`rl__project_lead` in the development project: - -* Contact the :need:`Project Lead ` (TL) for your Component OoC (Out-of-Context) to establish planning and reporting -* Create your security plan according to :need:`wf__cr_mt_security_plan` -* Make familiar with your role description and the other workflows of security management (see :doc:`security_management_roles` or :doc:`security_management_workflow`) -* Make familiar with the concept :need:`doc_concept__security_management_process` and the :need:`wp__platform_security_plan` -* Make familiar with the development and supporting process descriptions in :ref:`process_description`, especially with the :need:`wp__platform_mgmt` +This document and sub chapters outlines the required steps to ensure that project complies with ISO SAE 21434 security standard. +Begin with this document to understand the project's security-related processes and procedures. +All other sub processes are linked here and in sub chapters. + +General Workflow +**************** +One goal of the security management process is to ensure that the project is following the defined processes and that the evidence of security can be shown according to the requirements. +The Security Management process follows an continuous approach. +All these workflows are defined in the :ref:`workflow_security_management` section. 
+ +The following workflows shall be executed continuously: +* Create/Maintain Security Plan +* Create/Maintain Security Package +* Create/Maintain Security Manual +* Create/Maintain SBOM +* Monitor/Verify Security + +Additional to the continuous workflows the following workflows shall be executed according to the project needs: +* Perform Security Audit (to be discussed, currently not in scope) +* Perform Formal Reviews + +Some of the workproducts are currently either tailored out or not in scope of this project (due to Out-of-Context development). +Refer :need:`wp__tailoring_work_products` section for the details about tailoring. + +.. note:: The term security is used here synonymously for the term cybersecurity as defined in ISO SAE 21434. diff --git a/process/process_areas/security_management/security_management_roles.rst b/process/process_areas/security_management/security_management_roles.rst index 119aee36e1..bad84d3a1d 100644 --- a/process/process_areas/security_management/security_management_roles.rst +++ b/process/process_areas/security_management/security_management_roles.rst 
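Review bot: The two lists introduced by "The following workflows shall be executed continuously:" and "Additional to the continuous workflows ... according to the project needs:" start on the line directly after the sentence with no blank line; reStructuredText treats contiguous lines as one paragraph, so the "* Create/Maintain ..." lines will render inline as text rather than as bullet lists. Insert a blank line before each list. The rewrite also removes the concrete first steps a newly appointed Security Manager had (contact the Project Lead for the component OoC, create the plan per :need:`wf__cr_mt_security_plan`, read the roles, concept and platform plan pages); the new text names workflows but no longer links the plan workflow or the concept, so consider keeping a short "first steps" list. Grammar: "This document and sub chapters outlines" -> "outline", "ensure that project complies" -> "that the project complies", "follows an continuous approach" -> "a continuous approach".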
@@ -41,16 +41,14 @@ Roles Experience - * 2 years of experience in the management of security topics + * 3 years of experience in the management of security topics * Experience in managing projects * Experience in managing security weaknesses, vulnerabilities Responsibility - * Creates and maintains the Security Plan - * Creates and monitors the completeness of the security package - * Creates and maintains the Security Manual - * Supports creation and maintaining of the SBOM + * Creates and maintains following security artifacts at platform level: Platform Security Plan, Platform Security Package, Platform Security Manual, Platform SBOM + * Approves following security artifacts at module: Module Security Plan, Module Security Package, Module Security Manual, Module SBOM * Verifies, that the preconditions for the "release for production", which are part of the release notes, are fulfilled, and the correctness, completeness and consistency of the release notes * Supports reporting of security related project status * Reports security weaknesses, vulnerabilities 
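Review bot: The Security Manager now "Creates and maintains ... Platform Security Manual", while the Create/Maintain Security Manual workflow hunk in this patch says the Security Engineer "collects the necessary input for the Security Manuals on platform and module level and documents it"; state the split (who drafts, who owns and approves) so the role page and the workflow agree. Raising the required experience from 2 to 3 years needs a rationale in the page or the commit message. Wording: "Creates and maintains following security artifacts" -> "the following security artifacts", and "at module:" -> "at module level:" to match "at platform level:".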
@@ -58,13 +56,29 @@ Roles * Plans and approves the security audit (to be discussed, currently not in scope) * Plans and approves the formal security reviews * Approval of security analyses - * Creates and maintains the security manuals on platform and module level * Checks that every person in his team has sufficient security skills for their role Authority - * Escalation of planning topics to the project manager defined in the security plan + * Escalation of planning topics to the project manager defined in the Security Plan * Initiate the publication of a security weakness, vulnerability * Recommend the Release of a SW platform or a module * Refusing the approval of work products as defined in the workflows * Refusing the approval of his team's role nomination (i.e. requesting that the role will be withdrawn) + +.. role:: Security External Auditor + :id: rl__security_external_auditor + :status: valid + + Required skills, Knowledge of security standards (ISO 21434), Experience + + * External Auditor comes from organization specialized in secrity audits and assessment, thus sufficient skill should be guaranteed by the sending organization. + * For performing the formal document reviews also a Security Manager from another Eclipse Safety project can play the role of an external auditor, in this case the same skills apply as for the Security Manager. + + Responsibility + + * Performing and reporting of secrity audit + + Authority + + * Decision on the passing or failing of an audit diff --git a/process/process_areas/security_management/security_management_workflow.rst b/process/process_areas/security_management/security_management_workflow.rst index 8f08926cf7..5475ecc632 100644 --- a/process/process_areas/security_management/security_management_workflow.rst +++ b/process/process_areas/security_management/security_management_workflow.rst 
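Review bot: The new role is titled "Security External Auditor" (id rl__security_external_auditor) but the stakeholder list in this patch calls it "External Security Auditor"; use one name. Responsibility lists only "Performing and reporting of secrity audit", yet the workflow hunks make this role :responsible: for wf__p_formal_security_rv as well, and the skills text itself mentions "the formal document reviews"; add the formal reviews to Responsibility and Authority. Typos: "secrity" (twice); "ISO 21434" should be "ISO SAE 21434" as used elsewhere in the patch; "another Eclipse Safety project" reads as copied from the safety role, confirm "Eclipse project" is meant. Removing "Creates and maintains the security manuals on platform and module level" here while adding the Platform Security Manual to the responsibility list above leaves the module manual with no named owner on this page.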
@@ -12,6 +12,7 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* +.. _workflow_security_management: Security Management Workflows ############################# @@ -30,8 +31,8 @@ For a detailed explanation of workflows and their role within the process model, :has: doc_concept__security_management_process, doc_getstrt__security_management_process | The Security Manager is responsible for the planning and coordination of the security activities for the platform/module. - | The Security Manager creates and maintains the security plan. - | For this a template exists to guide the creator of the security plan. + | The Security Manager creates and maintains the Security Plan. + | For this a template exists to guide the creator of the Security Plan. .. workflow:: Create/Maintain Security Package :id: wf__cr_mt_security_package 
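Review bot: The new label ".. _workflow_security_management:" sits directly above the "Security Management Workflows" title in the hunk; make sure a blank line separates the label from the title line, otherwise docutils reports "Explicit markup ends without a blank line; unexpected unindent." The label itself matches the :ref: added in the getting-started page of this patch, so the cross-reference is consistent.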
@@ -45,15 +46,15 @@ For a detailed explanation of workflows and their role within the process model, :has: doc_concept__security_management_process, doc_getstrt__security_management_process | The Security Manager is NOT responsible to provide the argument for the achievement of security. - | But the Security Manager creates and maintains the security package in the sense of a collection of security related work products. - | The generation and the maintenance of this draft security package shall be automated as much as possible. + | But the Security Manager creates and maintains the Security Package in the sense of a collection of security related work products. + | The generation and the maintenance of this draft Security Package shall be automated as much as possible. | It does not contain the final argumentation of the security of the product. - | As the security package is only a collection of work products, the security plan (template) can be used for documentation. + | As the Security Package is only a collection of work products, the Security Plan (template) can be used for documentation. .. workflow:: Perform Security Audit :id: wf__p_fs_audit_security :status: valid - :responsible: rl__external_auditor + :responsible: rl__security_external_auditor :approved_by: rl__project_lead :supported_by: rl__security_manager, rl__security_engineer :input: wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package @@ -70,7 +71,7 @@ For a detailed explanation of workflows and their role within the process model, .. workflow:: Perform Formal Security Reviews :id: wf__p_formal_security_rv :status: valid - :responsible: rl__external_auditor + :responsible: rl__security_external_auditor :approved_by: rl__project_lead :supported_by: rl__security_manager, rl__security_engineer :input: wp__module_security_plan, wp__platform_security_plan, wp__module_security_package, wp__platform_security_package 
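Review bot: Both workflows switch :responsible: from rl__external_auditor to rl__security_external_auditor; the old id should be removed or redirected in the same change, and the "External Security Auditor" stakeholder entry in this patch should point at the new id as well, otherwise the build ends with a dangling need reference. In the Security Package workflow, "the Security Plan (template) can be used for documentation" should say which template need is meant, since the work-products hunks of this patch now link Security Manual documents as templates.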
@@ -93,13 +94,13 @@ For a detailed explanation of workflows and their role within the process model, :supported_by: rl__committer :input: wp__requirements_feat_aou, wp__requirements_feat, wp__feature_arch, wp__feature_fmea, wp__feature_dfa, wp__requirements_comp_aou, wp__requirements_comp, wp__component_arch, wp__sw_component_fmea, wp__sw_component_dfa :output: wp__platform_security_manual, wp__module_security_manual - :contains: gd_guidl__security_manual, gd_temp__security_manual, gd_guidl__security_plan_definitions + :contains: gd_guidl__security_manual, gd_temp__platform_security_manual, gd_temp__module_security_manual, gd_guidl__security_plan_definitions :has: doc_concept__security_management_process, doc_getstrt__security_management_process - | The Security Engineer collects the necessary input for the security manuals on + | The Security Engineer collects the necessary input for the Security Manuals on | platform and module level and documents it. - | He makes sure all items are in valid state for a release of the security manual. - | Also for the security manual a template exists as a guidance. + | He makes sure all items are in valid state for a release of the Security Manual. + | Also for the Security Manual a template exists as a guidance. .. workflow:: Create/Maintain SBOM :id: wf__cr_mt_security_sbom 
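Review bot: :contains: now references gd_temp__platform_security_manual and gd_temp__module_security_manual, while the work-products hunks in this patch link the manual templates as :need:`doc__platform_security_manual` and :need:`doc__module_name_security_manual`; use one id scheme for the templates and confirm both gd_temp__* needs are defined in this patch, as neither appears in any hunk here. Since the sentence is rewritten anyway, "He makes sure all items are in valid state" is better as "The Security Engineer makes sure all items are in a valid state".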
@@ -126,10 +127,10 @@ For a detailed explanation of workflows and their role within the process model, :contains: gd_guidl__security_plan_definitions :has: doc_concept__security_management_process, doc_getstrt__security_management_process - | The Security Manager is responsible for the monitoring of the security activities against the security plan. + | The Security Manager is responsible for the monitoring of the security activities against the Security Plan. | The Security Manager is responsible to verify, that the preconditions for the "release for production", which are part of the release notes, are fulfilled. | The Security Manager is responsible to verify the correctness, completeness and consistency of the release notes. - | The Security Manager is responsible for the monitoring of security information as defined in the security plan. + | The Security Manager is responsible for the monitoring of security information as defined in the Security Plan. | The Security Manager is responsible to identify weaknesses and vulnerabilities based on received information, and to analyse and manage the vulnerabilities until closure. | Beside reporting vulnerabilities in the :need:`wp__issue_track_system`, also `Eclipse general vulnerability tracker `_ may be used. 
@@ -144,7 +145,7 @@ For a detailed explanation of workflows and their role within the process model, :contains: gd_temp__module_security_plan :has: doc_concept__security_management_process, doc_getstrt__security_management_process - | The security manager :need:`rl__security_manager` consults all project/platform stakeholder as defined in :need:`doc_concept__security_management_process` for security topics and executes regularly security trainings. + | The Security Manager :need:`rl__security_manager` consults all project/platform stakeholder as defined in :need:`doc_concept__security_management_process` for security topics and executes regularly security trainings. .. needextend:: docname is not None and "process_areas/security_management" in docname diff --git a/process/process_areas/security_management/security_management_workproducts.rst b/process/process_areas/security_management/security_management_workproducts.rst index e525773ed5..7068e7f75a 100644 --- a/process/process_areas/security_management/security_management_workproducts.rst +++ b/process/process_areas/security_management/security_management_workproducts.rst @@ -14,7 +14,6 @@ Security Management Work Products ################################# - .. workproduct:: Platform Security Plan :id: wp__platform_security_plan :status: valid 
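Review bot: Since this line is rewritten anyway, fix the grammar: "consults all project/platform stakeholder" -> "stakeholders", and "executes regularly security trainings" -> "regularly conducts security trainings". The stakeholder hunk of this patch removes the Quality Manager's "Supports training activities", so this workflow is now the only place naming who runs trainings; the Security Manager responsibility list in security_management_roles.rst should list it too.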
@@ -23,10 +22,12 @@ Security Management Work Products Plan to manage and guide the execution of the security activities of a project including dates, milestones, tasks, deliverables, responsibilities (including the Security Manager appointment) and resources. - This platform security plan also takes into account the eclipse organization's rules relevant for security development. + This Platform Security Plan also takes into account the eclipse organization's rules relevant for security development. Guidelines on how an change impact analysis shall be concluded on each item or element involved together with it's connected items or elements. + For the template see here: :need:`doc__platform_security_manual` + This is on following level: * Project/Platform (contains definitions how security planning is performed generally in the project) @@ -41,6 +42,8 @@ Security Management Work Products Guidelines on how an impact analysis shall be concluded on each item or element involved together with it's connected items or elements. + For the template see here: :need:`doc__module_name_security_manual` + This is on following level: * Module (contains activities planning based on a Change Request) 
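Review bot: Under the Platform Security Plan work product the new line "For the template see here: :need:`doc__platform_security_manual`" points at a Security Manual document, and under Module Security Plan it points at doc__module_name_security_manual; a plan template belongs here (the workflow hunk at @@ -144,7 +145,7 @@ in this patch lists gd_temp__module_security_plan in :contains:, so a plan template need exists), and the manual links belong to the Security Manual work products, where this patch adds them as well. Also fix "how an change impact analysis" -> "how a change impact analysis" and "it's connected items" -> "its connected items".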
@@ -51,19 +54,19 @@ Security Management Work Products :tags: doc_lifecycle_model_2 :complies: std_wp__isosae21434__prj_management_652 - Compiled Security Relevant Work Products. For Platform OoC. + Compiled security relevant work products. For platform OoC. - Note that the platform security package does not contain an argument that the platform is safe and secure. + Note that the Platform Security Package does not contain an argument that the platform is safe and secure. .. workproduct:: Module Security Package :id: wp__module_security_package :status: valid :tags: doc_lifecycle_model_2 - :complies: + :complies: std_wp__isosae21434__prj_management_652 - Compiled Security Relevant Work Products. For Module OoC. + Compiled security relevant work products. For Module OoC. - Note that the module security package does not contain an argument that the module is safe and secure. + Note that the Module Security Package does not contain an argument that the module is safe and secure. .. workproduct:: Formal Document Review Reports :id: wp__fdr_reports_security @@ -73,7 +76,11 @@ Security Management Work Products Review that a work product provides sufficient and convincing evidence of their contribution to the achievement of security considering the corresponding objectives and requirements of ISO SAE 21434. - Will contain formal review report for Security Plan, Security Package, Security Analyses. + Will contain formal review report for Security Plan, Security Package and Security Analyses. + + For the different review checklist see here: + - Review checklist for Security Plans: :need:`doc__platform_name_security_plan_fdr` and :need:`doc__module_name_security_plan_fdr` + - Review checklist for Security Packages: :need:`doc__platform_name_security_package_fdr` and :need:`doc__module_name_security_package_fdr` .. workproduct:: Process Security Audit Report :id: wp__audit_report_security 
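Review bot: "For the different review checklist see here:" is followed directly by the "- Review checklist ..." lines with no blank line, so reStructuredText folds them into the paragraph instead of rendering a list; add a blank line before the list and make it "checklists". The four referenced needs (doc__platform_name_security_plan_fdr, doc__module_name_security_plan_fdr, doc__platform_name_security_package_fdr, doc__module_name_security_package_fdr) are not defined in any hunk of this patch; confirm they exist, otherwise the build fails on unknown need ids. Filling :complies: std_wp__isosae21434__prj_management_652 for the Module Security Package mirrors the platform entry and looks right.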
@@ -90,39 +97,43 @@ Security Management Work Products :tags: doc_lifecycle_model_2 :complies: std_wp__isosae21434__prj_management_654 - The security manual describes: + The Security Manual describes: - * the Assumed Platform Requirements (Security related, including for post-development); + * the assumed platform requirements (security related, including for post-development); * the security concept of the OoC (i.e. which attack paths are taken care of); - * the Assumptions of Use (of the features); + * the assumptions of use (of the features); * a link to the user manual; * the reactions of the implemented functions under threatened operating conditions; and * a description of known vulnerabilities with corresponding workaround measures. This is on platform level. Only one manual for the entire platform. + For template see here: :need:`doc__platform_security_manual` + .. workproduct:: Module Security Manual :id: wp__module_security_manual :status: valid :tags: doc_lifecycle_model_2 :complies: std_wp__isosae21434__prj_management_654 - The security manual describes: + The Security Manual describes: - * the Assumed Platform Requirements (Security related, including for post-development); + * the assumed platform requirements (security related, including for post-development); * the security concept of the OoC (i.e. which attack paths are taken care of); - * the Assumptions of Use (of the modules's components); + * the assumptions of use (of the modules's components); * a link to the user manual; * the reactions of the implemented functions under threatened operating conditions; and * a description of known vulnerabilities with corresponding workaround measures. This is on module level. One manual per each module. + For template see here: :need:`doc__module_name_security_manual` + .. 
workproduct:: Platform Software Bill of Material (SBOM) :id: wp__sw_platform_sbom :status: draft :tags: doc_lifecycle_model_2 - :complies: + :complies: std_wp__isosae21434__continual_8631 Platform Software Bill of Material - comprehensive inventory of software components to ensure security, integrity, and compliance. @@ -131,7 +142,7 @@ Security Management Work Products :id: wp__sw_module_sbom :status: draft :tags: doc_lifecycle_model_2 - :complies: + :complies: std_wp__isosae21434__continual_8631 Module Software Bill of Material - comprehensive inventory of software components to ensure security, integrity, and compliance. diff --git a/process/roles/index.rst b/process/roles/index.rst index 337c694c4b..a31949b4ad 100644 --- a/process/roles/index.rst +++ b/process/roles/index.rst @@ -48,6 +48,7 @@ Project Management Roles * High-level project control and coordination between multiple software modules * Escalation instance * Planning and Approval the releases of the + * Approves security related artifacts likes security plan, security audit, security reviews, SBOM, security monitoring/verification, security trainings and including status reporting of security activities Authority
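Review bot: In the Security Manual hunk (@@ -90,39 +97,43 @@), the template links read "For template see here:" while the Security Plan entries in this patch use "For the template see here:"; align the wording. The Module Security Manual bullet still reads "the assumptions of use (of the modules's components)" even though the line was rewritten; it should be "the module's components". Both SBOM entries now carry :complies: std_wp__isosae21434__continual_8631 while remaining :status: draft, which is fine but worth noting in the commit message.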
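Review bot: In the roles/index.rst hunk, "Approves security related artifacts likes security plan, ..." has "likes" for "like", and "and including status reporting" is redundant. More importantly, it lists security plan, SBOM and security reviews as Project Lead approvals, while the Security Manager hunk in security_management_roles.rst says the Security Manager "Approves ... Module Security Plan, Module Security Package, Module Security Manual, Module SBOM"; qualify the Project Lead line by level (for example platform-level artifacts) or defer to the workflow :approved_by: fields so the two role pages do not conflict.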