Current distributed systems increasingly rely on hybrid architectures built on top of IoT, edge, and cloud, backed by dynamically configurable networking technologies like 5G. In this complex environment, traditional security governance solutions cannot provide the holistic view that is needed to manage these systems in an effective and efficient way. In this paper, we propose a security assurance framework for edge and IoT systems based on an advanced architecture capable to deal with 5G-native applications.