Structured assurance cases: three common standards

For safety-, mission-, or security-critical systems, there are typically regulations or acquisition guidelines requiring a documented body of evidence to provide a compelling justification that the system satisfies specified critical properties. Current frameworks suggest the detailed outline of the final product but leave the truly meaningful and challenging aspects of arguing assurance to the developers and reviewers. We began with two major hypotheses. We selected a software notation suitable for building structured safety cases and applied it to three disparate assurance standards. Each of the three standard mapping efforts is discussed, along with the problems we encountered. In addition to the standards, we used the notation to structure an assurance case for a practical security-critical system, and we describe the lessons learned from that experience. We conclude with practical options for using our mappings of the standards and how well our initial hypotheses are borne out by the project.