Definition Edit

Security relevance

describe[s] those functions/mechanisms that are relied upon, directly or indirectly, to enforce security policy that governs confidentiality, integrity, and availability protections.[1]

Overview Edit

"The concept of security relevance is a continuum that represents the relationship between a function or mechanism and its significance (i.e., role, importance, and impact) in the enforcement of security policy. This continuum, in order of greatest to least significance, can be expressed as the following three types: (i) security-enforcing functions that are directly responsible for making or enforcing security policy decisions; (ii) security-supporting functions that contribute to the ability of security-enforcing functions to make or enforce security policy decisions; and (iii) security non-interfering functions that do not enforce or support any aspect of the security policy, but have the potential to adversely affect the correct operation of the security-enforcing and security-supporting functions. These functions must be understood to ensure that they are non-interfering."[2]

References Edit

  1. NIST Special Publication 800-160, at B-11.
  2. Id.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.