Case Specific Guidance (aka “Executive Summaries”)
Descriptive Name for the Need
Describe what the user wants the system to do
Describe the problem the system is intended to solve
What does the user want the system to do? What problem is the system intended to solve?
Where does the system operate? How is it used? Diagram of system context
How could an adversary harm operations?
What are the information system attacks for which protection is needed?
What are the security objectives that the system must meet? Info domains?
What is the conceptual architecture for the system? Where will security functions be allocated? Diagram of system
What are the security functional requirements for the system? What security services must the system perform for each information domain?
What is the target Evaluation Assurance Level?
What strength of mechanism is needed?
Interoperability Requirements
What other equipment, systems, or procedures must this system exchange information with?
Supporting Infrastructure Requirements
What support does the system require from Detect and Respond? What support does the system require from the Key Management Infrastructure?
Version Control/Reference Information
When was it last updated? By whom? Approved by whom?
From IATF Release 2.0, Figure F-1, Executive Summary Outline
Executive Summary for ______