Idocument plus review6/13/2023 ![]() ![]() This has some value, but I’m not sure why these features are not documented and then tested to verify the implementation meets the documentation. The Functional Security Assessment portion of the Embedded Device Security Assessment is primarily a paper exercise. These additional validation columns do provide some benefits in understanding how the Functional Security Assessment will be performed, but a lot more detail is needed to hand this testing over to third parties and have it consistently applied. Since the “testing” is mostly document review it seems odd why any requirements that were worthy of being included in the document would be “no”. This is oddly inconsistent, and I couldn’t deduce any reason for the small number of “no independent testing” requirements. This just points out that additional audit guidance documentation will need to be developed, which is not a surprise.Ībout 90% of the requirements specify Independent Test, but some don’t such as Role Based Access Control, Management of Passwords, or Authentication Feedback. One could easily test that something is taking place, but how much is enough, what is mission critical data, etc. “Examine design documents and determine if there are security measures to provide verification of mission critical data conforms to expected formats and limits and record results”. For instance, how will different groups and people consistently However, with this limited level of specificity there will be challenges for a certification agency. It may get interesting if a tester has to evaluate a solution other than sequence numbering, but this does provide some guidance to the certification group on what ISASecure was expecting. ![]() Another example is FSA-DI-1.1 – Insertion of Data Packets with “Supported – has a specific feature such as sequence numbering to detect insertions”. Without commenting on the appropriateness of the measure, a tester would at least have some guidance on what Supported meant. Not Supported – includes dependence on Link layer CRC for detection of corruption as this is insufficient against malicious intent Independent of this device prior to leaving protected areaĬ. Allocatable – via restriction of network confined to physically protected area or protected by another layer Supported – via application level CRC of at least 16 bit length or duplicated data, orī. ![]() For example:įSA-DI-1.5 – Basic Modification of Transmitted Data: The IACS embedded device shall employ basic mechanisms to recognize changes to information during communication independent of the basic communication protocol stackĪ. There are some interesting Validation Activity results if you can get to Use Control requirements in the middle of the document. Now many of the requirements have no description for Supported and Non-Supported and a generic “able to be met by other components” for Allocated. Virtually all of the validation activities begin with either “Verify user documents include evidence” … or “Verify design documents include evidence” … This is then followed by a restatement of the requirement, sometimes in more specificity and sometimes less.Īfter the restatement of the requirement, the Validation Activity has the possible test results listed, typically Supported, Allocated and Non-Supported. The thing that jumped out at me first is that validation is almost exclusively a documentation review. Today I’ll cover the validation portion of Functional Security Assessment document. While I can’t share the documents with our loyal readers, I am allowed to give you my thoughts on the full version of the documents. Since that review ISASecure was kind enough to send another version of the Functional Security Assessment and Software Design Security Assessment that included two additional columns for each requirement: Validation Activity and Validation by Independent Test Required (Yes/No). I recently reviewed the two published drafts for the ISASecure Embedded Device Security Assurance Certification and had a number of comments on how easy or hard it would be for third party testing of the requirements. ![]()
0 Comments
Leave a Reply. |