1、g3g3g3IEEE Standard Adoption of ISO/IEC 15026-3Systems and Software EngineeringSystems and Software AssurancePart 3: System Integrity Levels Sponsored by the Software Users of integrity levels such as developers and maintainers, suppliers and acquirers, users, and assessors of systems or software an
2、d for the administrative and technical support of systems and/or software products. One important use of integrity levels is by suppliers and acquirers in agreements; for example, to aid in assuring safety, economic, or security characteristics of a delivered system or product. This standard does no
3、t prescribe a specific set of integrity levels or their integrity level requirements. In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes. This standard can be used alone or with other parts of ISO
4、/IEC 15026. It can be used with a variety of technical and specialized risk analysis and development approaches. ISO/IEC TR 15026-1 provides additional information and references to aid users of IEEE Std 15026-3. Keywords: adoption, argument, assurance case, claim, dependability, evidence, IEEE 1502
5、6-3, integrity level, property, reliability, safety, security, software assurance, software engineering, system assurance, systems engineering The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright 2013 by The Institute of Electrical and Ele
6、ctronics Engineers, Inc. All rights reserved. Published 12 July 2013. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the
7、 Copyright Clearance Center. Copyright 2013 IEEE. All rights reserved. ivNotice to users Laws and regulations Users of IEEE Standards documents should consult all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicabl
8、e regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be const
9、rued as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practic
10、es and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document. Updating of IEEE documents Users of IEEE Standards documents should be aware that these documents may be superseded at any
11、 time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In o
12、rder to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/standards.ieee.org/index.html or contact the IEEE at the address listed previously. For more information abo
13、ut the IEEE Standards Association or the IEEE standards development process, visit IEEE-SA Website at http:/standards.ieee.org/index.html. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are enco
14、uraged to check this URL for errata periodically. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validit
15、y of any patent rights in connection therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indi
16、cate whether the Submitter is willing or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Copyright 2013 IEEE. A
17、ll rights reserved. vEssential Patent Claims may exist for which a Letter of Assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or deter
18、mining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the
19、 risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Participants At the time this IEEE standard was completed, the Life Cycle Processes Working Group had the following membership: James W. Moore, IEEE Co
20、mputer Society Liaison to ISO/IEC JTC 1/SC 7 The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Ed Addario Edward Addy T. Scott Ankrum Chris Bagge Charles Barest Juris Borzovs Pieter Botman Lyle Bullo
21、ck Juan Carreon Sue Carroll Lawrence Catchpole Keith Chow Geoffrey Darnton Thomas Dineen Teresa Doran Antonio Doria Harriet Feldman Andrew Fieldsend Eva Freund David Friscia David Fuschi Gregg Giesler Ron Greenthaler Randall Groves John Harauz David Herrell Richard Hilliard Werner Hoelzl Glenn Hoffm
22、an Robert Holibaugh Bernard Homes Peter Hung Atsushi Ito Mark Jaeger Cheryl Jones Piotr Karocki Dwayne Knirk Ronald Kohl Thomas Kurihara George Kyle Susan Land J. Dennis Lawrence David Leciston Greg Luri Wayne Manges William McBride Edward McCall James W. Moore Michael S. Newman Chris Osterloh Willi
23、am Petit Ulrich Pohl Iulian Profir Annette Reilly Robert Robinson Helmut Sandmayr Bartien Sayogo Robert Schaaf Hans Schaefer Maud Schlich David Schultz Stephen Schwarm Gil Shultz Carl Singer James Sivak Michael Smith Kapil Sood Friedrich Stallinger Thomas Starai Walter Struppler Gerald Stueve Marcy
24、Stutzman Thomas Tullia Vincent Tume John Vergis David Walden Stephen Webb M. Karen Woolf Jian Yu Oren Yuen Janusz Zalewski Copyright 2013 IEEE. All rights reserved. viWhen the IEEE-SA Standards Board approved this standard on 14 June 2013, it had the following membership: John Kulick, Chair David J.
25、 Law, Vice Chair Richard H. Hulett, Past Chair Konstantinos Karachalios, Secretary Masayuki Ariyoshi Peter Balma Farooq Bari Ted Burse Wael William Diab Stephen Dukes Jean-Philippe Faure Alexander Gelman Mark Halpin Gary Hoffman Paul Houz Jim Hughes Michael Janezic Joseph L. Koepfinger* Oleg Logvino
26、v Ron Petersen Gary Robinson Jon Walter Rosdahl Adrian Stephens Peter Sutherland Yatin Trivedi Phil Winston Yu Yuan *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Richard DeBlasio, DOE Representative Michael Janezic, NIST Representative Catherine Berger
27、IEEE Standards Senior Program Manager, Document Development Malia Zaman IEEE Standards Program Manager, Technical Program Development Copyright 2013 IEEE. All rights reserved. viiIntroduction This introduction is not part of IEEE Std 15026-3-2013, IEEE Standard Adoption of ISO/IEC 15026-3Systems and
28、 Software EngineeringSystems and Software AssurancePart 3: System Integrity Levels. The IEEE Software and Systems Engineering Standards Committee (S2ESC) has undertaken a long-term program to harmonize its standards with those of ISO/IEC JTC 1/SC 7, the international standards committee for software
29、 and systems engineering. In areas of overlap, one organization sometimes adopts the relevant standard from the other organization, or the two organizations cooperate to produce a single joint standard. In this case, S2ESC has chosen to adopt a relevant document from SC 7. This IEEE standard is an a
30、doption of ISO/IEC 15026-3:2011. References to some ISO/IEC standards should be considered as references to the identical IEEE standard: ISO/IEC/IEEE 12207:2008 is identical to ISO/IEC 12207:2008 ISO/IEC/IEEE 15288:2008 is identical to ISO/IEC 15288:2008 ISO/IEC/IEEE 15289:2011 is identical to ISO/I
31、EC 15288:2011 ISO/IEC/IEEE 16085:2006 is identical to ISO/IEC 16085:2006 IEEE Std 15026-1-2011 is identical to ISO/IEC TR 15026-1:2010 IEEE Std 15026-2-2011 is identical to ISO/IEC 15026-2:2011 ISO/IEC/IEEE 42010-2011 is identical to ISO/IEC 42010:2011 It should also be noted that IEEE is currently
32、planning to ballot adoption of the other part of the 15026 series, namely, ISO/IEC 15026-4. Errata The following editorial corrections are made in the adopted document: Page 5, Subclause 5.4, first line: Change “5.4” to “Clause 6”. Page 6, Subclause 6.1, fourth line: Change “acheievement” to “achiev
33、ement”. Copyright 2013 IEEE. All rights reserved. viiiContents of IEEE Std 15026-3-2013 ISO/IEC 15026-3:2011 1 Copyright 2013 IEEE. All rights reserved. 1IEEE Standard Adoption of ISO/IEC 15026-3Systems and Software EngineeringSystems and Software AssurancePart 3: System Integrity Levels IMPORTANT N
34、OTICE: IEEE Standards documents are not intended to ensure safety, health, or environmental protection, or ensure against interference with or from other devices or networks. Implementers of IEEE Standards documents are responsible for determining and complying with all appropriate safety, security,
35、 environmental, health, and interference protection practices and all applicable laws and regulations. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found u
36、nder the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obtained on request from IEEE or viewed at http:/standards.ieee.org/IPR/disclaimers.html. Reference numberISO/IEC 15026-3:2011(E)ISO/IEC 2011INTERNATIONAL STANDARDISO/IEC15026-3Firs
37、t edition2011-12-15Systems and software engineering Systems and software assurance Part 3: System integrity levels Ingnierie du logiciel et des systmes Assurance du logiciel et des systmes Partie 3: Niveaux dintgrit du systme ISO/IEC 15026-3:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011 All righ
38、ts reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the
39、 requester. ISO copyright office Case postale 56 v CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reserved ISO/IEC 15026-3:2011(E) ISO/IEC 2011 All rights reserved iiiContents PageForeword .v1
40、 Scope12 Normative references13 Terms and definitions .24 Integrity level framework 24.1 Integrity level specification 24.2 Process for using integrity levels35 Using this Part 3 45.1 Uses of this part of ISO/IEC 15026.45.2 Documentation 55.3 Personnel and organizations .55.4 Overview of this part o
41、f ISO/IEC 15026 .56 Defining integrity levels66.1 Purpose for using this part of ISO/IEC 15026.66.2 Outcomes of using this part of ISO/IEC 15026.66.3 Prerequisites for defining integrity levels.66.3.1 Establish appropriateness of area for use of integrity levels.66.3.2 Establish purpose and prelimin
42、ary scope76.4 Consistency with use requirements76.5 Analysis of scope of applicability76.6 Three required work products .86.6.1 Specifying an integrity level claim.86.6.2 Specifying integrity level requirements 96.6.3 Justification of match between integrity level claim and its requirements.96.7 Mai
43、ntaining integrity level specification .106.8 Information provided for users 116.8.1 Requirements.116.8.2 Guidance and recommendations.117 Using integrity levels 117.1 Purpose for using this part of ISO/IEC 15026.117.2 Outcomes of using this part of ISO/IEC 15026.127.3 Prerequisites for use of integ
44、rity levels 127.3.1 Determine scope of covered risks.127.3.2 Establish applicability of integrity levels to the scope of their use .137.3.3 Decide role of integrity levels in life cycle137.3.4 Establish approach to risk analysis 138 System or product integrity level determination .138.1 Introduction
45、138.2 Risk .148.2.1 Introduction148.2.2 Risk criterion148.2.3 Risk analyses.158.2.4 Risk evaluation 178.3 Assignment of system or product integrity level.178.4 Independence from internal architecture188.5 Maintaining system or product integrity level188.5.1 Introduction188.5.2 System changes 18ISO/I
46、EC 15026-3:2011(E) iv ISO/IEC 2011 All rights reserved8.5.3 Risks becomes known 188.5.4 Requirements change .188.6 Traceability of system or product integrity level assignments 199 Assigning system element integrity levels .199.1 General199.2 Architecture and design199.2.1 General199.2.2 Failure han
47、dling mechanisms 199.3 Assignment 209.4 Scope of assignments.209.5 Special considerations209.5.1 Cycles and recursion 209.5.2 Special situations and requirements regarding integrity levels.209.5.3 Behaviours other than failure.219.6 Maintaining the assignment of integrity levels.219.6.1 General219.6
48、.2 Changing integrity level assignments.2110 Meeting integrity level requirements .2210.1 Requirements related to evidence .2210.1.1 Related information .2210.1.2 Organization of evidence 2210.1.3 Interpretation of evidence.2210.2 Alternatives 2210.3 Achieving integrity level claim .2310.4 Correctiv
49、e actions2311 Agreements and approvals.2311.1 Authorities 2311.2 Specific approvals and agreements related to integrity level definition .2411.3 Specific approvals and agreements related to integrity level use .2411.4 Documentation.25Annex A (normative) Inputs and outputs for integrity level framework26A.1 Table for Clause 4 Integrity level framework 26Annex B (informative) An example of use of ISO/IEC 15026-3 .27B.1 Introduction27B.2
