Security Accreditation and Software Approval with Smart Contracts

Abstract

Security accreditation is a vital process used by governmental, military, and international organizations to verify a proper security posture of communication and information systems. Currently, it is a largely manual, time consuming, and highly repetitive process. Smart contracts could offer an opportunity to automate some parts of the security review, increasing speed, transparency, and predictability of the security accreditation, as well as software approval. We analyze the feasibility of supporting security accreditation with smart contracts and present our proof-of-concept implementation based on Hyperledger Fabric.