Security

Degree to which a product or system defends against attack patterns by malicious actors and protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization. This characteristic is composed of the following sub-characteristics:

Confidentiality

Degree to which a product or system ensures that data are accessible only to those authorized to have access.

Integrity

Degree to which a system, product or component ensures that the state of its system and data are protected from unauthorized modification or deletion either by malicious action or computer error.

Non-repudiation

Degree to which actions or events can be proven to have taken place so that the events or actions cannot be repudiated later.

Accountability

Degree to which the actions of an entity can be traced uniquely to the entity.

Authenticity

Degree to which the identity of a subject or resource can be proved to be the one claimed.

Resistance

Degree to which the product or system sustains operations while under attack from a malicious actor.