Document ID: DI-IPSC-82250

Overview

Title: Software Attack Surface Analysis Report (SASAR)

Scope:
The Software Attack Surface Analysis Report (SASAR) documents the results of the attack surface analysis activities. The attack surface of a software environment is the sum of the different points (attack vectors) where unauthorized users enter data to, or extract data from, a software environment. Keeping the attack surface as small as possible is a key Software Assurance (SwA) objective. The SASAR involves the following:
a. Updating the Software Threat Assessment Report (STAR), DI-IPSC-82251A, with all attack surfaces enumerated and documented in the SASAR.
b. Identifying, directly or by reference in the Software Development Plan (SDP), Firmware Development Plan (FDP), Program Protection Implementation Plan (PPIP), or equivalent documents, that design or modification of the software attack surface areas defined by the SASAR requires formal cybersecurity and software assurance review, assessment, and documentation within the system test plan.
c. The SASAR is used as input to the risk assessments completed in the Software Vulnerability Assessment Report (SVAR), DI-IPSC-82252, and the Software Assurance Evaluation Report (SAER), DI-IPSC-82249.

Status: Active
DID Date: 11-FEB-2021
Next Review Due: 10-FEB-2026
FSC/Area: IPSC
Doc Category: Data Item Description

Revision History
| Revision A | A | 11-FEB-2021 | 4 | 176.8 KB |
| Base Document | A | 24-JAN-2019 | 2 | 150.2 KB |