Security

Calling security requirements non-functional requirements may sound counterintuitive to security engineers, but in the traditional systems engineering sense they are non-functional. Requirements management has to do with the process of gathering requirements, and then analyzing and decomposing those requirements to be fed into a system design. In many cases, this requires derivation of requirements from a source into more system-specific requirements.

Finding the sources of security requirements is a primary objective when handling security non-functional requirements. One of these sources is threat modeling.