Publications Details

Publications / Other Report

Safeguards Information Assurance by Design

Blair, Dianna S.; McCrory, Fredrick M.

The assurance of Safeguards Information is crucial to meet IAEA obligations. Information can be potentially at risk for alteration when it is generated, stored, transmitted, or manipulated (such as in a calculation). Where, when, and how information is assured can vary depending on where in the information lifecycle it exists. Often, information protection measures are not considered until after a system is architected and built or are only applied to a portion of the information system. This typically limits the effectiveness of information assurance, can increase the cost of assuring the information, and can reduce the trust in the information received. Designing information assurance into the architecture of a system can significantly reduce information vulnerability at an affordable cost while improving the trust of the information. This paper discusses safeguards information assurance by design and architectural approaches from a lifecycle perspective including potential tools that can be utilized to help define information assurance requirements and help validate the effectiveness of these requirements as the system transitions through the lifecycle. The tools discussed include risk management tools, architectural approaches, modeling approaches, and red teaming benefits.