Architecting and designing > Unified Architecture Framework (UAF) > Overview > Differences between UAF and DoDAF 2 > Framework-agnostic view prefixes and names > UAF Security views
  
UAF Security views
UAF incorporates the Security views of the Canadian DNDAF. That metamodel enables capturing of:
Risk – A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.
SecurityControl – A type of OperationalActivity that specifies a safeguard or countermeasure prescribed for OperationalPerformer. It is intended to protect the confidentiality, integrity, and availability of its information.
EnhancedSecurityControl – A type of Activity that represents an enhanced SecurityControl. It specifies a safeguard or countermeasure prescribed for a ResourcePerformer. It is intended to protect the confidentiality, integrity, and availability of the Resource’s information and to meet a set of defined security requirements
SecurityControlFamily – A type that organizes security controls into a family.
ResourceMitigation – a resource that mitigates Risk against an asset. It is a subtype of ResourceArchitecture, which in turn is a subtype of ResourcePerformer.
SecurityEnclave – Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems can be structured by physical proximity or by function, independent of location
SecurityConstraint – A type of rule that captures a formal statement to define access control policy language.
Caveat – A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.
Parent topic
Framework-agnostic view prefixes and names