Gilsinn, J.
and , R.
(2010),
Security Assurance Levels: A Vector Approach to Describing Security Requirements, Other, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906330
(Accessed October 26, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security Assurance Levels: A Vector Approach to Describing Security Requirements
Published
Author(s)
, Ragnar Schierholz
Abstract
Safety systems have used the concept of safety integrity levels (SILs) for almost two decades. This allows the safety of a component or system to be represented by a single number that defines a protection factor required to ensure the health and safety of people or the environment based on the probability of failure of that component or system. The overall risk can be calculated based on the consequences that those failures could potentially have. Security systems have much broader application, a much broader set of consequences, and a much broader set of possible circumstances leading up to a possible event. The increased complexity of security systems makes compressing the protection factor down to a single number much more difficult. The concept of a vector of Security Assurance Levels (SALs) to describe the protection factor needed to ensure the security of a system is introduced in this paper.Citation
OTHER -
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
security, assurance, level, sal, vector, requirement, isa, isa99, industrial, automation, control, system, iacs
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created October 20, 2010, Updated May 4, 2021