Security Standard Compliance Verification in System of Systems

Standard compliance in system of systems (SoS) means complying with standards, laws, and regulations that apply to services from several sources and different levels. Compliance is a major challenge in many organizations because any violation will lead to financial penalties, lawsuits fines, or revocation of licenses to operate within specific industrial market. To support the business lifecycle, organizations also need to monitor the actual processes during run time and not only in their design time. Standard compliance verification is important in the lifecycle for reasons, such as detection of noncompliance as well as operational decisions of running processes. With the promotion of connectivity of systems, existing and new security standards can be employed but there are important aspects, such as technically measurable indicators, in the standards and automation of compliance verification that need to be addressed. This article presents an automated and continuous standard compliance verification framework used to check devices, systems, and services for standard compliance during secure onboarding and run time. In addition, a case study for the Eclipse Arrowhead framework is used to demonstrate the functionality of the standard compliance verification in SoS.