UAF Security Views

The UAF Security Views provide a structured approach for managing security concerns across enterprise architectures, offering viewpoints that define requirements, strategies, implementations, and solutions to safeguard the enterprise in all its dimensions. These views allow organizations to model and capture critical security elements, such as risk assessments that measure the impact of potential events on assets, constraints that specify protective measures and limitations, assets that require safeguarding, and enclaves that establish secure operational environments. The Security Viewpoint addresses both technical and non-technical dimensions of security, incorporating considerations such as human behavior, organizational culture, and established cybersecurity frameworks.

UAF Security Views

Security Motivation Sc-Mv	Stakeholders: Security Architects, Security Engineers, Risk Analysts. Concerns: Security controls, security control families, and overlays. Definition: Identifies security controls to mitigate against the security risks.
Security Taxonomy Sc-Tx	Stakeholders: Security Architects, Security Engineers. Concerns: Security assets and security enclaves. [Class] Service [Class] OperationalArchitecture «stereotype» [Class] OperationalMitigation Definition: Defines the hierarchy of security assets and asset owners that are available to implement security, security constraints (policy, guidance, laws, and regulations) and details where they are located (security enclaves).
Security Structure Sc-Sr	Stakeholders: Security Architects, Security Engineers. Concerns: The structure of security information and where it is used at the operational and resource level. Definition: Captures the allocation of assets (operational and resource, information and data) across the security enclaves, shows applicable security controls necessary to protect organizations, systems and information during processing, while in storage (bdd), and during transmission (flows on an ibd). This view also captures Asset Aggregation and allocates the usage of the aggregated information at a location through the use of the information roles.
Security Connectivity Sc-Cn	Stakeholders: Security Architects, Security Engineers. Concerns: Addresses the security constraints and information assurance attributes that exist on exchanges across resources and across performers. Definition: Lists security exchanges across security assets; the applicable security controls; and the security enclaves that house the producers and consumers of the exchanges. Measurements can optionally be included.
Security Processes Sc-Pr	Stakeholders: Security Architects, Security Engineers. Concerns: The specification of the Security Control families, security controls, and measures required to address a specific security baseline. Definition: Provides a set of Security Controls and any possible enhancements as applicable to assets. The activity diagram describes operational or resource level processes that apply (operational level) or implement (resource level) security controls/enhancements to assets located in enclaves and across enclaves. This Security Process view can be instantiated either as a variant of an activity/flow diagram or as a hierarchical work breakdown structure.
Security Constraints Sc-Ct	Stakeholders: Security Architects, Security Engineers. Concerns: Security-related policy, guidance, laws, and regulations as applicable to assets. Definition: Specifies textual rules/non-functional requirements that are security constraints on resources, information and data (e.g., security-related in the form of rules (e.g., access control policy). A common way of representing access control policy is through the use of XACML (eXtensible Access Control Markup Language), it is expected that implementations of UAF allow users to link security constraints to external files represented in XACML.
Security Traceability Sc-Tr	Stakeholders: Security Architects, Security Engineers, Risk Analysts. Concerns: Traceability between risk and risk owner, risk mitigations, and affected asset roles. Definition: Depicts the mapping of a risk to each of the following: risk owner, risk mitigations, and affected asset roles.

This website uses cookies
We use cookies to improve your experience on our website. Rejecting it may weaken protection and affect site loading speed. You can visit our Privacy Policy page for more information and adjust your cookie settings. Preferences
Your privacy Strictly necessary cookies Tracking and Performance Cookies More information Your privacy is important to us Cookies are very small text files that are stored on your computer when you visit a website. We use cookies for a variety of purposes and to enhance your online experience on our website (for example, to remember your account login details). You can change your preferences and decline certain types of cookies to be stored on your computer while browsing our website. You can also remove any cookies already stored on your computer, but keep in mind that deleting cookies may prevent you from using parts of our website. Strictly necessary cookies These cookies are essential to provide you with services available through our website and to enable you to use certain features of our website. Without these cookies, we cannot provide you certain services on our website. If you close the banner without making a selection, the 'Accept Minimum' option will be automatically applied to ensure basic functionality of the website. Tracking and performance cookies These cookies are used to collect information to analyze the traffic to our website and how visitors are using our website. For example, these cookies may track things such as how long you spend on the website or the pages you visit which helps us to understand how we can improve our website site for you. The information collected through these tracking and performance cookies do not identify any individual visitor. More information For any queries in relation to our policy on cookies and your choices, please contact us.

UAF Security Views

UAF Security Views

This website uses cookies

Your privacy is important to us

Strictly necessary cookies

Tracking and performance cookies

More information