Architecting and designing : NATO Architecture Framework (NAF) : NAF v4 : Overview : NAF v4 Uses UAF Metamodel : The UAF Metamodel
  
The UAF Metamodel
The UAF Domain Meta-model (DMM) itself is based on the DoDAF 2.02 domain metamodel – the DM2, with additions to incorporate metamodel concepts of NAF 3, MODAF 1.2, and the Canadian DNDAF 1.7.
Security Artifacts
There are a number of artifact types concerning Security that are part of the UAF metamodel – brought in from the Canadian DnDAF – which are provided in NAF v4 – however, since NAF v4 does not specify viewpoints for these Security artifacts they exist only as definitions in NAF v4, and cannot be visualized on a viewpoint. They can be captured in the architecture, and output in reports.
These artifact types are:
Risk – A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.
SecurityControl – A type of OperationalActivity that specifies a safeguard or countermeasure prescribed for OperationalPerformer. It is intended to protect the confidentiality, integrity, and availability of its information.
EnhancedSecurityControl – A type of Activity that represents an enhanced SecurityControl. It specifies a safeguard or countermeasure prescribed for a ResourcePerformer. It is intended to protect the confidentiality, integrity, and availability of the Resource’s information and to meet a set of defined security requirements
SecurityControlFamily – A type that organizes security controls into a family.
ResourceMitigation – a resource that mitigates Risk against an asset. It is a subtype of ResourceArchitecture, which in turn is a subtype of ResourcePerformer.
SecurityEnclave – Collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location
SecurityConstraint – A type of rule that captures a formal statement to define access control policy language.
Caveat – A statement of the impact of an event on Assets. It represents a constraint on an Asset in terms of adverse effects, with an associated measure. The measure is used to capture the extent to which an entity is threatened by a potential circumstance or event. Risk is typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Software related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems.
Parent topic
NAF v4 Uses UAF Metamodel