Software or data it processed must be accessible by only those who are authorized - It must be accessible only at the time that it is required.

Provides Common Criteria to evaluate IT security product

US-CERT Vulnerability Notes - Common Vulnerability Scoring System (CVSS) - Open Source Vulnerability Database - Common Vulnerabilities and exposure (CVE) - Common Weakness Enumeration (CWE)

Replacement of ISO 17799 standards - Provide guidelines for effective security management practices - Outlines control objectives and controls in diverse areas of ISMS

Protection against improper data alteration. It is a measure of software resiliency and pertains to the modification of data and the reliable function of the software - Data is internally and externally consistent

Support policies at a granular and specific level - Can be characterized as internal and external

Dependability - Trustworthiness : MInimum number or no vulnerabilities - Resilience : Resistant or tolerant of attacks and able to recover quickly with as little harm as possible

Support for accreditation and certification bodies that audit and certify ISMS