Submission Review Process

Once the RTP has made a submission, the RABET-V Administrator will review the submitted information and determine which RABET-V activities are necessary for this iteration.

Inputs

  • The RTP’s submission package

  • The RTP’s Process Assessment

  • Prior reviews, if a Revision Submission

Outputs

  • Submission Review Checklist indicating submission type, change list, and which RABET-V activities should be performed in this iteration

Workflow

Review package for completion

See RTP Submission for submission requirements.

Initial submission

All RABET-V activities are required in order to generate the Testing Rules. Ensure all items on the Submission Review Checklist are included in the submission. For each step, indicate on the Submission Review Checklist if the respective item is present or missing.

Revision submission

Some RABET-V activities may not be required. Complete the remainder of the steps in this process to determine which activities are required for this submission. For each step, indicate on the Submission Review Checklist if the respective item is present, missing, or not required.

Validate change list

The approach to validating the change list will vary based on the findings of the prior Process Review:

  1. Reliable: change list validation can be skipped or limited to high-level spot checking

  2. Otherwise: validate the change list by manual or automated means

Record the result in the Submission Review Checklist.

Determine if Process Assessment activity is necessary

The Process Assessment is required when one of the following conditions is true:

  1. The submission is an Initial Submission

  2. The RTP has requested a new Process Assessment in order to generate a new set of Testing Rules or update Software Development Maturity (SDM) scores

  3. It has been more than 18 months since the last Process Assessment was performed

  4. Artifacts provided by the RTP indicate a significant process change has occurred.

Record the result in the Submission Review Checklist.

Determine if Architecture Review activity is necessary

The Architecture Review is required when one of the following conditions is true:

  1. The submission is an Initial Submission

  2. The RTP has requested a new Architecture Review in order to generate a new set of Testing Rules or update Security Services Architectural Maturity (SSAM) scores

  3. The change list indicates the addition, removal, or modification of major architectural components since the last Architecture Review

Record the result in the Submission Review Checklist.

Determine if Security Claims Validation activity is necessary

The Security Claims Validation activity is required when one of the following conditions is true:

  1. The submission is an Initial Submission

  2. The RTP has updated the product goals, expected usage, or security claims.

  3. The RTP has requested a new Security Claims Validation in order to generate a new set of Testing Rules or update Security Services Capability Maturity (SSCM) scores

  4. The change list indicates that prior Security Claims Validation findings need to be reviewed

Record the result in the Submission Review Checklist.