Product release
At this point, you’ve performed all the cybersecurity activities defined in your cybersecurity plan. Now, you are ready to make an official product release. But before doing so, you must prove that the work products have been prepared as per the organization’s CSMS and that the objectives of the CSMS have been fully achieved by your product. Gaining release approval requires that you prepare a cybersecurity case and undergo a cybersecurity assessment.
Cybersecurity case
Fast forwarding to the end of the project, the argument for why the product has achieved an adequate level of cybersecurity for its intended use case must be captured within the cybersecurity case. Typically, the case relies on two types of arguments: a process argument and a technical argument. The process argument demonstrates that the product has followed the cybersecurity engineering process and presents any deviations, along with arguments for why those deviation-based risks...
