Assets are the logical and physical resources of the aircraft that contribute to the airworthiness of the aircraft. The purpose of the Security Scope Definition is to identify the assets, document the points of entry to the assets, and determine their environment.
The Security Scope Definition outputs are used in two ways, as part of the:
- Airworthiness Security Process to derive architectural and design constraints and requirements; and
- Continuing Airworthiness Process (documented in DO-355/ED-204), to derive Operator Guidance for the safe operation and maintenance of the
The Security Scope Definition phase is comprised of two parts:
- Security Perimeter - the notional boundary between an internal security context and the external security environment of the aircraft or system under consideration. It marks the change of security control. The internal security context is comprised of the assets contained in the security perimeter and the relevant security
Security Environment: the description of everything outside the security perimeter that is relevant to the security of the aircraft or system under consideration. The definition of security environments is equivalent to the external context as used in ISO 27005:2011.
To learn more about specifying security scope, refer to the following pages: