Sample – Suggested Technical Design Documentation Format
October 22, 2012I. Meaning of Protection
Describe how the system provides trust and specify the protection mechanisms contained within the system (i.e., discretionary access controls and identification and authentication).
II. Translating of Protection into the System
This section shall:
a. Describe the boundaries of the system; and
b.Describe the parts of the system that are security relevant and not relevant.
III. System Design
This section shall:
a. Provide a description of the system;
b.Provide a graphic to describe the systems security services and mechanisms;
c. Provide a diagram of process, data, and control flows that occur within the system architecture.
- The flow diagram should trace the system operations from initial data input through final output;
d. Identify the hardware, software, and firmware, why they are considered, the interfaces between them, and the implementation of them.
V. Protection of System
Describe how the security mechanisms protect the system from tampering (i.e., the discretionary access control (DAC) mechanism controls access between named users or groups and name objects with the system).
VI. Provide a Statement of the System Security Policy (if it exists)
Describe what is being access by whom and from what.