A Sample Security Assurance Case Pattern

December, 2018
IDA document: P-9278
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
Authors: E. Kenneth Hong Fong (Project Leader), David A. Wheeler
Essentially all systems with software should address security. However, there is no single "magic bullet" that makes software secure, because security is an emergent property of a system. Tracking and managing the application of the various techniques across the software corpus and throughout the software life cycle can be overwhelming. An assurance case is a widely recommended, practical alternative to other approaches for managing assurance activities. An assurance case "includes a top-level claim for a property of a system or product (or set of claims), systematic argumentation regarding this claim, and the evidence and explicit assumptions that underlie this argumentation" [ISO 15026-2:2011]. Because an assurance case is systematic, it is much easier for people to determine whether important areas have been adequately covered and to understand the ramifications of different decisions. Maintaining an assurance case for security properties (a "security assurance case") is a simple idea, but many have found it difficult to create one because of the limited number of sample patterns and worked examples. This document provides a sample security assurance case pattern, based on a publicly available assurance case of a real commercial system, and shows how this pattern can be applied to a real system. We hope that many system/software developers and approving authorities will find this sample pattern and its application a useful place to start when developing their own assurance cases. This document also discusses changes that could be made to deal with different kinds of applications, such as Internet of Things (IoT) or weapon systems. The sample security assurance case pattern provided here is for a system that requires only moderate assurance; higher levels of assurance would call for more rigor. This pattern can make it much easier to create a security assurance case.
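The ISO 15026-2 definition quoted above (top-level claim, argument, evidence, explicit assumptions) is a tree, and the "is every important area adequately covered" question is a check over that tree. The following is an added illustration, not code or a pattern from the IDA document: a minimal model of a security assurance case in which a claim counts as supported only if it rests on sub-claims or evidence, while an assumption is recorded but does not count as support. The claim and evidence wording is constructed for the example and is not the pattern the document describes.

```python
"""Minimal assurance-case model: claims, evidence, explicit assumptions.
Added example; not from the IDA document. Sample claims are constructed."""

from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Node:
    kind: str                     # "claim", "evidence" or "assumption"
    text: str
    children: List["Node"] = field(default_factory=list)


def claim(text: str, *children: Node) -> Node:
    return Node("claim", text, list(children))


def evidence(text: str) -> Node:
    return Node("evidence", text)


def assumption(text: str) -> Node:
    return Node("assumption", text)


def unsupported_claims(node: Node) -> List[str]:
    """Return claims that nothing backs: no sub-claim and no evidence.
    An assumption alone is not support; it is something the approving
    authority must accept rather than something the case shows."""
    if node.kind != "claim":
        return []
    backing = [c for c in node.children if c.kind in ("claim", "evidence")]
    found = [] if backing else [node.text]
    for child in node.children:
        found.extend(unsupported_claims(child))
    return found


def explicit_assumptions(node: Node) -> List[Tuple[str, str]]:
    """Return (claim, assumption) pairs so a reviewer can see exactly what
    the argument takes for granted, and under which claim."""
    out: List[Tuple[str, str]] = []
    for child in node.children:
        if child.kind == "assumption":
            out.append((node.text, child.text))
        else:
            out.extend(explicit_assumptions(child))
    return out


# Constructed sample case with deliberate gaps, to show what the check finds.
SAMPLE_CASE = claim(
    "The service is adequately secure for moderate-assurance use",
    claim("All untrusted input is validated before use",
          evidence("Static analysis run with no open input-handling findings (constructed)"),
          assumption("Only the listed HTTP endpoints accept external input")),
    claim("Access to user data is authenticated and authorized",
          claim("Passwords are stored with a salted, slow hash",
                evidence("Code review record of the password module (constructed)")),
          claim("Session tokens are unpredictable")),            # no evidence yet
    claim("Known vulnerabilities are fixed within the agreed window",
          assumption("The team monitors vendor advisories")),    # assumption is not evidence
)

if __name__ == "__main__":
    for c in unsupported_claims(SAMPLE_CASE):
        print("UNSUPPORTED:", c)
    for parent, a in explicit_assumptions(SAMPLE_CASE):
        print(f"ASSUMPTION under '{parent}': {a}")
```

Run as a script, it lists the two claims with no backing and the two assumptions the case relies on. In a real security assurance case the evidence nodes would point at actual artifacts (test reports, review records, configuration baselines), and the same walk is what lets a reviewer see at a glance which parts of the argument are still unsupported.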