Degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization.
In other words, the software should be secure against attacks, with the following sub-points:
- Confidentiality
  - Ensures that data are accessible only to those authorized to have access.
- Integrity
  - Prevents unauthorized access to, or modification of, computer programs or data.
- Non-repudiation[^1]
  - Actions or events can be proven to have taken place, so that the events or actions cannot be repudiated later.
- Accountability
  - The actions of an entity can be traced uniquely to the entity.
- Authenticity
  - The identity of a subject or resource can be proved to be the one claimed.
STRIDE
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
[^1]: Repudiation: the ability to deny or dispute something, a.k.a. deniability