Document Type


Publication Date



The term assurance has been used for decades in trusted system development to express the notion of confidence in the strength of a specific system or system of systems. The unsolved problem that security engineers must struggle with is the adoption of measures or metrics that can reliably depict the assurance associated with a specific hardware and software architecture. This article reports on a recent attempt to focus needs in this area and suggests various categories of information assurance metrics that may be helpful to an organization that is deciding which set is useful for a specific application.


CrossTalk is sponsored by the U.S.A.F. The copy of record is available from the publisher at

Copyright © 2002 The Authors. All rights reserved.