Why Security Analysis Matters
DO-326A security assurance is a critical element of modern aerospace certification. The Aerospace Safety Solution integrates security threat assessment into your overall safety and requirements management workflow:
- STRIDE-Based Threat Identification — Systematically identify security threats across spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege
- Security Assurance Level (SAL) Calculation — Assign SAL ratings based on threat likelihood and impact, then track residual SAL after mitigation
- Traceability to Design — Link security countermeasures to system and design requirements, ensuring every security objective is verified
- Integration with Safety Analysis — Security threat assessment complements your FHA, FMEA, and safety assessment workflows
Key Concepts
| Concept | Description |
|---|---|
| STRIDE Threat Model | A taxonomy of threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege |
| Security Assurance Level (SAL) | A rating (1–4) assigned to each threat based on severity and likelihood; used to prioritize countermeasures |
| Security Countermeasure | A design requirement or control that mitigates an identified threat |
| Threat Assessment Document | A risk specification module in Polarion that organizes threats, SAL calculations, and traceability links |
Security in the Aerospace Safety Solution
The Aerospace Safety Solution embeds DO-326A security analysis alongside your functional safety workflow:
- Threat Identification — Create a threat assessment document and enumerate security threats using STRIDE categories
- Risk Assessment — For each threat, estimate likelihood and impact; calculate initial and post-mitigation SAL
- Countermeasure Design — Link security requirements and design characteristics that address each threat
- Verification — Reference test cases and design verification that confirm countermeasures are effective
- Compliance Tracking — Use the Compliance Matrix to verify security objectives are met per certification targets
Next Steps
- Create a DO-326A Threat Assessment — Step-by-step guide to building a security threat analysis module
- Read the Certification Readiness Scorecard — Monitor your security analysis progress against DO-326A certification objectives
- Navigate Role Dashboards — Use security-focused dashboard views to manage threat assessment workflows