Security relevance

Definition
Security relevance

"describe[s] those functions/mechanisms that are relied upon, directly or indirectly, to enforce security policy that governs confidentiality, integrity, and availability protections."

Overview
"The concept of security relevance is a continuum that represents the relationship between a function or mechanism and its significance (i.e., role, importance, and impact) in the enforcement of security policy. This continuum, in order of greatest to least significance, can be expressed as the following three types: (i) security-enforcing functions that are directly responsible for making or enforcing security policy decisions; (ii) security-supporting functions that contribute to the ability of security-enforcing functions to make or enforce security policy decisions; and (iii) security non-interfering functions that do not enforce or support any aspect of the security policy, but have the potential to adversely affect the correct operation of the security-enforcing and security-supporting functions. These functions must be understood to ensure that they are non-interfering."