This document provides the foundations and concepts for the cybersecurity evaluation of complex systems. Two frameworks are defined: • The first is used to specify the cybersecurity of a complex system, including system of systems. • The second is used to evaluate the corresponding cybersecurity solutions. The frameworks use basic architecture concepts: • to enable description of reference or solution cybersecurity architectures; • to support model-based, comprehensive and scalable security solutions and their evaluation; and. • to allow for the definition of architecture-based cybersecurity profiles (ACP) and hierarchies of profiles.