Security Management Work Products#

Platform Security Plan		status: valid
tags: doc_lifecycle_model_2, platform, security_management, security_management is input to: wf__cr_mt_security_package, wf__p_fs_audit_security, wf__p_formal_security_rv, wf__cr_mt_security_sbom, wf__mr_vy_security, wf__consult_exe_sec_training is output from: wf__cr_mt_security_plan complies: std_wp__isosae21434__prj_management_651, std_wp__isosae21434__maintenance_13331, std_wp__isosae21434__continual_8331, std_wp__isosae21434__continual_8332, std_wp__isosae21434__prj_management_653 realized by: doc__platform_security_plan, doc__feature_name_security_wp
Plan to manage and guide the execution of the security activities of a project including dates, milestones, tasks, deliverables, responsibilities (including the Security Manager appointment) and resources. This Platform Security Plan also takes into account the eclipse organization’s rules relevant for security development. Guidelines on how an change impact analysis shall be concluded on each item or element involved together with it’s connected items or elements. For the template see here: Platform Security Manual This is on following level: Project/Platform (contains definitions how security planning is performed generally in the project)
wp__platform_security_plan		Workproduct

Module Security Plan		status: valid
tags: doc_lifecycle_model_2, security_management, security_management is input to: wf__cr_mt_security_package, wf__p_fs_audit_security, wf__p_formal_security_rv, wf__cr_mt_security_sbom, wf__mr_vy_security, wf__consult_exe_sec_training is output from: wf__cr_mt_security_plan complies: std_wp__isosae21434__prj_management_651 realized by: doc__module_name_security_plan
Plan to manage and guide the execution of the security activities of a project including dates, milestones, tasks, deliverables, responsibilities (including the Security Manager appointment) and resources. Guidelines on how an impact analysis shall be concluded on each item or element involved together with it’s connected items or elements. For the template see here: [Your Module Name] Security... This is on following level: Module (contains activities planning based on a Change Request)
wp__module_security_plan		Workproduct

Platform Security Package		status: valid
tags: doc_lifecycle_model_2, platform, security_management, security_management is input to: wf__p_fs_audit_security, wf__p_formal_security_rv, wf__cr_mt_security_sbom, wf__mr_vy_security is output from: wf__cr_mt_security_package complies: std_wp__isosae21434__prj_management_652
Compiled security relevant work products. For platform OoC. Note that the Platform Security Package does not contain an argument that the platform is safe and secure.
wp__platform_security_package		Workproduct

Module Security Package		status: valid
tags: doc_lifecycle_model_2, security_management, security_management is input to: wf__p_fs_audit_security, wf__p_formal_security_rv, wf__cr_mt_security_sbom, wf__mr_vy_security is output from: wf__cr_mt_security_package complies: std_wp__isosae21434__prj_management_652
Compiled security relevant work products. For Module OoC. Note that the Module Security Package does not contain an argument that the module is safe and secure.
wp__module_security_package		Workproduct

Formal Document Review Reports		status: valid
tags: doc_lifecycle_model_2, security_management, security_management is output from: wf__p_formal_security_rv complies: std_wp__isosae21434__prj_management_654
Review that a work product provides sufficient and convincing evidence of their contribution to the achievement of security considering the corresponding objectives and requirements of ISO SAE 21434. Will contain formal review report for Security Plan, Security Package and Security Analyses. For the different review checklist see here: Review checklist for Security Plans: [Your Platform Name] Securi... and [Your Module Name] Security... Review checklist for Security Packages: [Your Platform Name] Securi... and [Your Module Name] Security...
wp__fdr_reports_security		Workproduct

Process Security Audit Report		status: valid
tags: doc_lifecycle_model_2, security_management, security_management is output from: wf__p_fs_audit_security complies: std_wp__isosae21434__org_management_555
Examination of an implemented process with regard to the process objectives and that those match the ISO SAE 21434. (Currently tailored out, needs discussion)
wp__audit_report_security		Workproduct

Platform Security Manual		status: valid
tags: doc_lifecycle_model_2, platform, security_management, security_management is output from: wf__cr_mt_security_manual complies: std_wp__isosae21434__prj_management_654 realized by: doc__platform_security_manual
The Security Manual describes: the assumed platform requirements (security related, including for post-development); the security concept of the OoC (i.e. which attack paths are taken care of); the assumptions of use (of the features); a link to the user manual; the reactions of the implemented functions under threatened operating conditions; and a description of known vulnerabilities with corresponding workaround measures. This is on platform level. Only one manual for the entire platform. For template see here: Platform Security Manual
wp__platform_security_manual		Workproduct

Module Security Manual		status: valid
tags: doc_lifecycle_model_2, security_management, security_management is output from: wf__cr_mt_security_manual complies: std_wp__isosae21434__prj_management_654 realized by: doc__module_name_security_manual
The Security Manual describes: the assumed platform requirements (security related, including for post-development); the security concept of the OoC (i.e. which attack paths are taken care of); the assumptions of use (of the modules’s components); a link to the user manual; the reactions of the implemented functions under threatened operating conditions; and a description of known vulnerabilities with corresponding workaround measures. This is on module level. One manual per each module. For template see here: [Your Module Name] Security...
wp__module_security_manual		Workproduct

Platform Software Bill of Material (SBOM)		status: draft
tags: doc_lifecycle_model_2, platform, security_management, security_management is input to: wf__mr_vy_security is output from: wf__cr_mt_security_sbom complies: std_wp__isosae21434__continual_8631
Platform Software Bill of Material - comprehensive inventory of software components to ensure security, integrity, and compliance.
wp__sw_platform_sbom		Workproduct

Module Software Bill of Material (SBOM)		status: draft
tags: doc_lifecycle_model_2, security_management, security_management is input to: wf__mr_vy_security is output from: wf__cr_mt_security_sbom complies: std_wp__isosae21434__continual_8631
Module Software Bill of Material - comprehensive inventory of software components to ensure security, integrity, and compliance.
wp__sw_module_sbom		Workproduct