The TSF recognises that software only requires a level of trustworthiness commensurate with the purpose for which it is used and therefore advocates a risk-based approach to determine the Trustworthiness Level (TL) of the software (based upon the role of the software in the system/service and the maximum impact that a defect/deviation would have on the system/service).
There are 4 assignable levels of trustworthiness:
TL1 Essential Practices: Software trustworthiness delivered in a due diligence manner
TL2 Assessed Practices: Software trustworthiness delivered by managed processes
TL3 Enhanced Practices: Software trustworthiness delivered by established processes
TL4 Specialist Practices: Software trustworthiness delivered by predictable or optimising processes
It is intended that the TL be used to determine the appropriate set of controls to be applied to the software asset (Comprehensive Set or Baseline Set), thereby ensuring that the controls used to ensure trustworthiness are sufficient without being excessive.