Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Assurance Levels: A Vector Approach to Describing Security Requirements



James D. Gilsinn, Ragnar Schierholz


Safety systems have used the concept of safety integrity levels (SILs) for almost two decades. This allows the safety of a component or system to be represented by a single number that defines a protection factor required to ensure the health and safety of people or the environment based on the probability of failure of that component or system. The overall risk can be calculated based on the consequences that those failures could potentially have. Security systems have much broader application, a much broader set of consequences, and a much broader set of possible circumstances leading up to a possible event. The increased complexity of security systems makes compressing the protection factor down to a single number much more difficult. The concept of a vector of Security Assurance Levels (SALs) to describe the protection factor needed to ensure the security of a system is introduced in this paper.


security, assurance, level, sal, vector, requirement, isa, isa99, industrial, automation, control, system, iacs


Gilsinn, J. and , R. (2010), Security Assurance Levels: A Vector Approach to Describing Security Requirements, Other, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 29, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 20, 2010, Updated May 4, 2021