Assurances are confidence-building activities demonstrating that:
- The system's security policy is internally consistent and reflects the requirements of the organization,
- There are sufficient security functions to support the security policy,
- The system functions to meet a desired set of properties and only those properties,
- The functions are implemented correctly, and
- The assurances hold up through the manufacturing, delivery and life cycle of the system.