Unverified Commit 177e2c11 authored by Aki Braun

Replace security profiles with use cases

parent ae34587e
@@ -548,8 +548,6 @@ Other Union legislation may be applicable to the product(s) falling within the s

<mark>Editor's Note: Even if informative, this Annex is mandatory in CRA Vertical Harmonised Standards, as it implements the risk-based approach prescribed in the CRA Regulation.</mark>

This Annex applies state of the art methodology to identify threats, identify and evaluate the risks, and define security profiles applicable to the product different use cases of the product context.

_The standard may implement an existing methodology, referencing the standards where it is defined. Alternatively, the following structure has been proposed as part of the HAS comments received, that may be adapted as relevant for each vertical:_

_B.1 Assets_
@@ -557,13 +555,12 @@ _B.2 Risk factors_
_B.3 Assumptions_
_B.4 Threats (including connection to risk factors)_
_B.5 Mapping of risk factors to use cases_
_B.6 Mapping of risk factors to security profiles_

_Use technical language and focus what is relevant from a product perspective_

## B.0 Introduction

This Annex applies state of the art methodology to identify threats, identify and evaluate the risks, and define security profiles applicable to the product different use cases of the product context.
This Annex applies state of the art methodology to identify threats and identify & evaluate risks based on product use cases.

## B.1 Assets

@@ -717,7 +714,7 @@ Rationale: Different consequences change the impact of compromise of Protected D

### C.3.4 Attacker has limited resources

**[AS-LR]:** An attacker will use limited resources in proportion to the value of the assets of the product in each security profile.
**[AS-LR]:** An attacker will use limited resources in proportion to the value of the assets of the product in each use case.

## C.4 Threats and security analysis

@@ -733,7 +730,7 @@ For the purposes of the list of threats, the product includes:

### C.4.2 Security analysis methodology

Risk factor levels for each security profile are determined by reading the descriptions for each risk factor level and choosing the one that most accurately represents the highest risk for the use case.
Risk factor levels are determined by reading the descriptions for each risk factor and choosing the level that most accurately represents the highest risk for the use case being analysed.

For each threat, a formula based on the risk factor levels is used to calculate the Likelihood and Impact of the threat, on a scale of Low, Medium, and High.

@@ -745,17 +742,17 @@ Attacker may use unknown exploitable vulnerabilities in the product implementati

**Table C.4.3-1: Unknown exploitable vulnerabilities**

| Risk factors           | Likelihood | Security profiles |
|------------------------|------------|-------------------|
| max(PER, FUN, COM) = 2 | High       | SP-3, SP-4, SP-5  |
| all others             | Medium     | SP-1, SP-2        |
| Risk factors           | Likelihood | Use cases        |
|------------------------|------------|------------------|
| max(PER, FUN, COM) = 2 | High       | UC-3, UC-4, UC-5 |
| all others             | Medium     | UC-1, UC-2       |

**Table C.4.3-2: Unknown exploitable vulnerabilities**

| Risk factors           | Impact | Security profiles |
| Risk factors           | Impact | Use cases |
|------------------------|--------|-------------------|
| max(PER, FUN, COM) = 2 | High   | SP-3, SP-4, SP-5  |
| all others             | Medium | SP-1, SP-2        |
| max(PER, FUN, COM) = 2 | High   | UC-3, UC-4, UC-5  |
| all others             | Medium | UC-1, UC-2        |

Requirements that mitigate this threat: SSDD, NUTI, LOGG

@@ -775,17 +772,17 @@ Attacker may use known exploitable vulnerabilities in the product implementation

**Table C.4.4-1: Known exploitable vulnerabilities**

| Risk factors           | Likelihood | Security profiles      |
| Risk factors           | Likelihood | Use cases      |
|------------------------|------------|------------------------|
| max(PER, FUN, COM) > 0 | High       | SP-2, SP-3, SP-4, SP-5 |
| all others             | Medium     | SP-1                   |
| max(PER, FUN, COM) > 0 | High       | UC-2, UC-3, UC-4, UC-5 |
| all others             | Medium     | UC-1                   |

**Table C.4.4-2: Known exploitable vulnerabilities**

| Risk factors      | Impact | Security profiles      |
| Risk factors      | Impact | Use cases      |
|-------------------|--------|------------------------|
| max(PER, FUN) > 0 | High   | SP-2, SP-3, SP-4, SP-5 |
| all others        | Medium | SP-1                   |
| max(PER, FUN) > 0 | High   | UC-2, UC-3, UC-4, UC-5 |
| all others        | Medium | UC-1                   |

Requirements that mitigate this threat: NKEV, SSDD, SCUD, NUTI, LOGG, VULH

@@ -804,19 +801,19 @@ Attacker may gain unauthorized access to an endpoint in a manner not under contr

**Table C.4.5-1: Unauthorized endpoint access**

| Risk factors       | Likelihood | Security profiles |
| Risk factors       | Likelihood | Use cases |
|--------------------|------------|-------------------|
| max(PER, FUN) = 2  | High       | SP-3, SP-4, SP-5  |
| all others         | Medium     | SP-2              |
| max (PER, FUN) = 0 | Low        | SP-1              |
| max(PER, FUN) = 2  | High       | UC-3, UC-4, UC-5  |
| all others         | Medium     | UC-2              |
| max (PER, FUN) = 0 | Low        | UC-1              |

**Table C.4.5-2: Unauthorized endpoint access**

| Risk factors       | Impact | Security profiles |
| Risk factors       | Impact | Use cases |
|--------------------|--------|-------------------|
| max(PER, FUN) = 2  | High   | SP-3, SP-4, SP-5  |
| all others         | Medium | SP-2              |
| max (PER, FUN) = 0 | Low    | SP-1              |
| max(PER, FUN) = 2  | High   | UC-3, UC-4, UC-5  |
| all others         | Medium | UC-2              |
| max (PER, FUN) = 0 | Low    | UC-1              |

Requirements that mitigate this threat: AUTH, DMIN, CDST

@@ -836,19 +833,19 @@ Attacker launches denial of service attack on remote data processing solution.

**Table C.4.6-1: Denial of service on remote data processing**

| Risk factors                  | Likelihood | Security profiles |
| Risk factors                  | Likelihood | Use cases |
|-------------------------------|------------|-------------------|
| RDP = 2 & max(PER, FUN) = 2   | High       | SP-3, SP-4, SP-5  |
| all others                    | Medium     | SP-2              |
| RDP = 0 or PER = 0 or FUN = 0 | Low        | SP-1              |
| RDP = 2 & max(PER, FUN) = 2   | High       | UC-3, UC-4, UC-5  |
| all others                    | Medium     | UC-2              |
| RDP = 0 or PER = 0 or FUN = 0 | Low        | UC-1              |

**Table C.4.6-2: Denial of service on remote data processing**

| Risk factors       | Impact | Security profiles |
| Risk factors       | Impact | Use cases |
|--------------------|--------|-------------------|
| max(PER, FUN) = 2  | High   | SP-3, SP-4, SP-5  |
| all others         | Medium | SP-2              |
| max (PER, FUN) = 0 | Low    | SP-1              |
| max(PER, FUN) = 2  | High   | UC-3, UC-4, UC-5  |
| all others         | Medium | UC-2              |
| max (PER, FUN) = 0 | Low    | UC-1              |

Requirements that mitigate this threat: AVAI

@@ -868,19 +865,19 @@ Attacker may read or modify traffic by capturing and relaying activity to and fr

**Table C.4.7-1: Machine-in-the-middle**

| Risk factors      | Likelihood | Security profiles |
| Risk factors      | Likelihood | Use cases |
|-------------------|------------|-------------------|
| max(PER, FUN) = 2 | High       | SP-3, SP-4, SP-5  |
| all others        | Medium     | SP-2              |
| max(PER, FUN) = 0 | Low        | SP-1              |
| max(PER, FUN) = 2 | High       | UC-3, UC-4, UC-5  |
| all others        | Medium     | UC-2              |
| max(PER, FUN) = 0 | Low        | UC-1              |

**Table C.4.7-2: Machine-in-the-middle**

| Risk factors       | Impact | Security profiles |
| Risk factors       | Impact | Use cases |
|--------------------|--------|-------------------|
| max(PER, FUN) = 2  | High   | SP-3, SP-4, SP-5  |
| all others         | Medium | SP-2              |
| max (PER, FUN) = 0 | Low    | SP-1              |
| max(PER, FUN) = 2  | High   | UC-3, UC-4, UC-5  |
| all others         | Medium | UC-2              |
| max (PER, FUN) = 0 | Low    | UC-1              |

Table: _Table C.10_

@@ -902,18 +899,18 @@ Attacker may read sensitive data sent outside the VPN connection by the product.

**Table C.4.8-1: Sensitive data leaks**

| Risk factors                 | Likelihood | Security profiles |
| Risk factors                 | Likelihood | Use cases |
|------------------------------|------------|-------------------|
| DNC = 2 & max(PER, FUN) = 2  | High       | SP-3, SP-4, SP-5  |
| all others                   | Medium     | SP-2              |
| DNC = 0 or max(PER, FUN) = 0 | Low        | SP-1              |
| DNC = 2 & max(PER, FUN) = 2  | High       | UC-3, UC-4, UC-5  |
| all others                   | Medium     | UC-2              |
| DNC = 0 or max(PER, FUN) = 0 | Low        | UC-1              |

**Table C.4.8-2: Sensitive data leaks**

| Risk factors | Impact | Security profiles |
| Risk factors | Impact | Use cases |
|--------------|--------|-------------------|
| PER = 2      | High   | SP-3, SP-4, SP-5  |
| all others   | Medium | SP-1, SP-2        |
| PER = 2      | High   | UC-3, UC-4, UC-5  |
| all others   | Medium | UC-1, UC-2        |

Requirements that mitigate this threat: ROUT, CONF, DNSL, IPv6, CRYPT

@@ -933,19 +930,19 @@ Attacker may read sensitive data transmitted without encryption in a single endp

**Table C.4.9-1: Transmitting sensitive data in the clear in a single endpoint VPN**

| Risk factors                            | Likelihood | Security profiles |
| Risk factors                            | Likelihood | Use cases |
|-----------------------------------------|------------|-------------------|
| CON = 0 & CFG > 0 & max(PER, FUN) = 2)  | High       | SP-3              |
| all others                              | Medium     | SP-2              |
| CON > 0 or CFG = 0 or max(PER, FUN) = 0 | Low        | SP-1, SP-4, SP-5  |
| CON = 0 & CFG > 0 & max(PER, FUN) = 2)  | High       | UC-3              |
| all others                              | Medium     | UC-2              |
| CON > 0 or CFG = 0 or max(PER, FUN) = 0 | Low        | UC-1, UC-4, UC-5  |

**Table C.4.9-2: Transmitting sensitive data in the clear in a single endpoint VPN**

| Risk factors                 | Impact | Security profiles |
| Risk factors                 | Impact | Use cases |
|------------------------------|--------|-------------------|
| CON = 0 & max(PER, FUN) = 2  | High   | SP-3              |
| all others                   | Medium | SP-2              |
| CON > 0 or max(PER, FUN) = 0 | Low    | SP-1, SP-4, SP-5  |
| CON = 0 & max(PER, FUN) = 2  | High   | UC-3              |
| all others                   | Medium | UC-2              |
| CON > 0 or max(PER, FUN) = 0 | Low    | UC-1, UC-4, UC-5  |

Requirements that mitigate this threat: EISO, CRYPT, AUTH, ROUT, DNSL

@@ -965,19 +962,19 @@ Attacker may read sensitive data transmitted without encryption in a VPN which c

**Table C.4.10-1: Transmitting sensitive data in the clear in multi-endpoint VPN**

| Risk factors                            | Likelihood | Security profiles |
| Risk factors                            | Likelihood | Use cases |
|-----------------------------------------|------------|-------------------|
| CON > 0 & CFG > 0 & max(PER, FUN) = 2   | High       | SP-4, SP-5        |
| CON > 0 & CFG > 0 & max(PER, FUN) = 2   | High       | UC-4, UC-5        |
| all others                              | Medium     | none              |
| CON = 0 or CFG = 0 or max(PER, FUN) = 0 | Low        | SP-1, SP-2, SP-3  |
| CON = 0 or CFG = 0 or max(PER, FUN) = 0 | Low        | UC-1, UC-2, UC-3  |

**Table C.4.10-2: Transmitting sensitive data in the clear in multi-endpoint VPN**

| Risk factors                 | Impact | Security profiles |
| Risk factors                 | Impact | Use cases |
|------------------------------|--------|-------------------|
| CON > 0 & max(PER, FUN) = 2  | High   | SP-4, SP-5        |
| CON > 0 & max(PER, FUN) = 2  | High   | UC-4, UC-5        |
| all others                   | Medium | none              |
| CON = 0 or max(PER, FUN) = 0 | Low    | SP-1, SP-2, SP-3  |
| CON = 0 or max(PER, FUN) = 0 | Low    | UC-1, UC-2, UC-3  |

Requirements that mitigate this threat: CRYPT, AUTH, ROUT, DNSL

@@ -997,18 +994,18 @@ Attacker may attempt to authenticate in an unauthorized manner to get access to

**Table C.4.11-1: Unauthorized authentication**

| Risk factors      | Likelihood | Security profiles |
| Risk factors      | Likelihood | Use cases |
|-------------------|------------|-------------------|
| max(PER, FUN) = 2 | High       | SP-3, SP-4, SP-5  |
| all others        | Medium     | SP-1, SP-2        |
| max(PER, FUN) = 2 | High       | UC-3, UC-4, UC-5  |
| all others        | Medium     | UC-1, UC-2        |

**Table C.4.11-2: Unauthorized authentication**

| Risk factors       | Impact | Security profiles |
| Risk factors       | Impact | Use cases |
|--------------------|--------|-------------------|
| max(PER, FUN) = 2  | High   | SP-3, SP-4, SP-5  |
| all others         | Medium | SP-2              |
| max (PER, FUN) = 0 | Low    | SP-1              |
| max(PER, FUN) = 2  | High   | UC-3, UC-4, UC-5  |
| all others         | Medium | UC-2              |
| max (PER, FUN) = 0 | Low    | UC-1              |

Requirements that mitigate this threat: AUTH, LOGG

@@ -1028,17 +1025,17 @@ Attacker may remove evidence of compromise from the endpoint.

**Table C.4.12-1: Attacker removes evidence of compromise**

| Risk factors      | Likelihood | Security profiles |
| Risk factors      | Likelihood | Use cases |
|-------------------|------------|-------------------|
| max(PER, FUN) = 2 | High       | SP-3, SP-4, SP-5  |
| all others        | Low        | SP-1, SP-2        |
| max(PER, FUN) = 2 | High       | UC-3, UC-4, UC-5  |
| all others        | Low        | UC-1, UC-2        |

**Table C.4.12-2: Attacker removes evidence of compromise**

| Risk factors      | Impact | Security profiles |
| Risk factors      | Impact | Use cases |
|-------------------|--------|-------------------|
| max(PER, FUN) = 2 | High   | SP-3, SP-4, SP-5  |
| all others        | Low    | SP-1, SP-2        |
| max(PER, FUN) = 2 | High   | UC-3, UC-4, UC-5  |
| all others        | Low    | UC-1, UC-2        |

Requirements that mitigate this threat: LOGG

@@ -1058,19 +1055,19 @@ Attacker may use configuration errors to get unauthorized access to product asse

**Table C.4.13-1: Access to assets via configuration errors in single endpoint VPN**

| Risk factors                                                 | Likelihood | Security profiles |
| Risk factors                                                 | Likelihood | Use cases |
|--------------------------------------------------------------|------------|-------------------|
| CON = 0 & CFG > 0 & max(ADM, COM) = 2 & max(PER, FUN) = 2    | High       | SP-3              |
| all others                                                   | Medium     | SP-2              |
| CON > 0 or CFG = 0 or max(ADM, COM) = 0 or max(PER, FUN) = 0 | Low        | SP-1, SP-4, SP-5  |
| CON = 0 & CFG > 0 & max(ADM, COM) = 2 & max(PER, FUN) = 2    | High       | UC-3              |
| all others                                                   | Medium     | UC-2              |
| CON > 0 or CFG = 0 or max(ADM, COM) = 0 or max(PER, FUN) = 0 | Low        | UC-1, UC-4, UC-5  |

**Table C.4.13-2: Access to assets via configuration errors in single endpoint VPN**

| Risk factors                 | Impact | Security profiles |
| Risk factors                 | Impact | Use cases |
|------------------------------|--------|-------------------|
| CON = 0 & max(PER, FUN) = 2  | High   | SP-3              |
| all others                   | Medium | SP-2              |
| CON > 0 or max(PER, FUN) = 0 | Low    | SP-1, SP-4, SP-5  |
| CON = 0 & max(PER, FUN) = 2  | High   | UC-3              |
| all others                   | Medium | UC-2              |
| CON > 0 or max(PER, FUN) = 0 | Low    | UC-1, UC-4, UC-5  |

Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, LOGG

@@ -1090,19 +1087,19 @@ Attacker may use configuration errors to get unauthorized access to product asse

**Table C.4.14-1: Access to assets via configuration errors in a multi-endpoint VPN**

| Risk factors                                                 | Likelihood | Security profiles |
| Risk factors                                                 | Likelihood | Use cases |
|--------------------------------------------------------------|------------|-------------------|
| CON > 0 & CFG > 0 & max(ADM, COM) = 2 & max(PER, FUN) = 2    | High       | SP-5              |
| all others                                                   | Medium     | SP-4              |
| CON = 0 or CFG = 0 or max(ADM, COM) = 0 or max(PER, FUN) = 0 | Low        | SP-1, SP-2, SP-3  |
| CON > 0 & CFG > 0 & max(ADM, COM) = 2 & max(PER, FUN) = 2    | High       | UC-5              |
| all others                                                   | Medium     | UC-4              |
| CON = 0 or CFG = 0 or max(ADM, COM) = 0 or max(PER, FUN) = 0 | Low        | UC-1, UC-2, UC-3  |

**Table C.4.14-2: Access to assets via configuration errors in a multi-endpoint VPN**

| Risk factors                 | Impact | Security profiles |
| Risk factors                 | Impact | Use cases |
|------------------------------|--------|-------------------|
| CON > 0 & max(PER, FUN) = 2  | High   | SP-4, SP-5        |
| CON > 0 & max(PER, FUN) = 2  | High   | UC-4, UC-5        |
| all others                   | Medium | none              |
| CON = 0 or max(PER, FUN) = 0 | Low    | SP-1, SP-2, SP-3  |
| CON = 0 or max(PER, FUN) = 0 | Low    | UC-1, UC-2, UC-3  |

Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, LOGG

@@ -1122,17 +1119,17 @@ Attacker may use user metadata such as IP addresses and traffic analysis to comp

**Table C.4.15-1: Compromise of Personal Data due to metadata and traffic analysis**

| Risk factors        | Likelihood | Security profiles      |
| Risk factors        | Likelihood | Use cases      |
|---------------------|------------|------------------------|
| PER = 2 & & FUN = 2 | High       | SP-3                   |
| all others          | Medium     | SP-1, SP-2, SP-4, SP-5 |
| PER = 2 & & FUN = 2 | High       | UC-3                   |
| all others          | Medium     | UC-1, UC-2, UC-4, UC-5 |

**Table C.4.15-2: Compromise of Personal Data due to metadata and traffic analysis**

| Risk factors | Impact | Security profiles      |
| Risk factors | Impact | Use cases      |
|--------------|--------|------------------------|
| PER = 2      | High   | SP-3                   |
| all others   | Medium | SP-1, SP-2, SP-4, SP-5 |
| PER = 2      | High   | UC-3                   |
| all others   | Medium | UC-1, UC-2, UC-4, UC-5 |

Requirements that mitigate this threat:

@@ -1152,19 +1149,19 @@ Attacker may gain access to product via its remote data processing due to insuff

**Table C.4.16-1: RDPS compromise and isolation**

| Risk factors                  | Likelihood | Security profiles |
| Risk factors                  | Likelihood | Use cases |
|-------------------------------|------------|-------------------|
| RDP = 2 & PER = 2 & FUN = 2   | High       | SP-3, SP-5        |
| all others                    | Medium     | SP-4              |
| RDP = 0 or PER = 0 or FUN = 0 | Low        | SP-1, SP-2        |
| RDP = 2 & PER = 2 & FUN = 2   | High       | UC-3, UC-5        |
| all others                    | Medium     | UC-4              |
| RDP = 0 or PER = 0 or FUN = 0 | Low        | UC-1, UC-2        |

**Table C.4.16-2: RDPS compromise and isolation**

| Risk factors      | Impact | Security profiles |
| Risk factors      | Impact | Use cases |
|-------------------|--------|-------------------|
| PER = 2 & FUN = 2 | High   | SP-3, SP-5        |
| all others        | Medium | SP-2, SP-4        |
| PER = 0 & FUN = 0 | Low    | SP-1              |
| PER = 2 & FUN = 2 | High   | UC-3, UC-5        |
| all others        | Medium | UC-2, UC-4        |
| PER = 0 & FUN = 0 | Low    | UC-1              |

Requirements that mitigate this threat: TODO

@@ -1184,19 +1181,19 @@ Attacker may get unauthorized access to confidential data stored on the product

**Table C.4.17-1: Access to data via access to used product**

| Risk factors      | Likelihood | Security profiles |
| Risk factors      | Likelihood | Use cases |
|-------------------|------------|-------------------|
| ADM > 0 & PER = 2 | High       | SP-3, SP-4        |
| all others        | Medium     | SP-2, SP-5        |
| PER = 0           | Low        | SP-1              |
| ADM > 0 & PER = 2 | High       | UC-3, UC-4        |
| all others        | Medium     | UC-2, UC-5        |
| PER = 0           | Low        | UC-1              |

**Table C.4.17-1: Access to data via access to used product**

| Risk factors | Impact | Security profiles |
| Risk factors | Impact | Use cases |
|--------------|--------|-------------------|
| PER = 2      | High   | SP-3, SP-4, SP-5  |
| all others   | Medium | SP-2,             |
| PER = 0      | Low    | SP-1              |
| PER = 2      | High   | UC-3, UC-4, UC-5  |
| all others   | Medium | UC-2,             |
| PER = 0      | Low    | UC-1              |

Requirements that mitigate this threat: AUTH, CDST, SCDL, SDRF

@@ -1216,17 +1213,17 @@ Attacker may get unauthorized access to Personal Data stored or transmitted by t

**Table C.4.18-1: Compromise of Personal Data stored or transmitted by the product**

| Risk factors      | Likelihood | Security profiles      |
| Risk factors      | Likelihood | Use cases      |
|-------------------|------------|------------------------|
| PER = 2 & FUN = 2 | High       | SP-3                   |
| all others        | Medium     | SP-1, SP-2, SP-4, SP-5 |
| PER = 2 & FUN = 2 | High       | UC-3                   |
| all others        | Medium     | UC-1, UC-2, UC-4, UC-5 |

**Table C.4.18-2: Compromise of Personal Data stored or transmitted by the product**

| Risk factors | Impact | Security profiles      |
| Risk factors | Impact | Use cases      |
|--------------|--------|------------------------|
| PER = 2      | High   | SP-3                   |
| all others   | Medium | SP-1, SP-2, SP-4, SP-5 |
| PER = 2      | High   | UC-3                   |
| all others   | Medium | UC-1, UC-2, UC-4, UC-5 |

Requirements that mitigate this threat: AUTH, DMIN, CRYPT, AUTH, ROUT, DNSL, CDST, SCDL, SDRF, LOGG

@@ -1237,39 +1234,19 @@ Mitigations for Impact:
* Medium to Low: NPER-1
* High to Low: NPER-1, NPER-2, NPER-3, NPER-4, LOGG-4, LOGG-5

## C.5 Mapping of use cases to risk factors and security profiles

**Table C.5-1: Mapping of use cases to risk factors and security profiles**

| Use case | Description                 | CFG | AUT | FUN | ADM | RDP | DNC | COM | CON | PER | SP   |
|----------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|------|
| UC-1     | Individual consumer         | 1   | 0   | 0   | 2   | 2   | 2   | 0   | 0   | 0   | SP-1 |
| UC-2     | Privacy conscious household | 1   | 0   | 1   | 1   | 1   | 2   | 1   | 0   | 1   | SP-2 |
| UC-3     | Journalist or activist      | 1   | 1   | 2   | 2   | 2   | 2   | 1   | 0   | 2   | SP-3 |
| UC-4     | Small organization          | 2   | 2   | 1   | 1   | 2   | 2   | 2   | 1   | 1   | SP-4 |
| UC-5     | Large enterprise            | 2   | 2   | 2   | 0   | 2   | 2   | 2   | 2   | 1   | SP-4 |
| UC-6     | Enterprise client software  | 1   | 0   | 2   | 1   | 0   | 0   | 2   | 0   | 1   | SP-6 |
| UC-7     | Mesh network                | 2   | 2   | 1   | 1   | 1   | 2   | 2   | 0   | 1   | SP-7 |

## C.6 Security profiles

### C.6.1 General

Security profiles are an informative resource to the assessor. Each security profile is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each cybersecurity requirements necessary to treat the risk.

### C.6.2 Mapping of security profiles to risk factors
## C.5 Mapping of use cases to risk factors

**Table C.6.2-1: Mapping of security profiles to risk factors**
**Table C.5-1: Mapping of use cases to risk factors**

| Security Profile | Description                 | CFG | AUT | FUN | ADM | RDP | DNC | COM | CON | PER |
|------------------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| SP-1             | Individual consumer         | 1   | 0   | 0   | 2   | 2   | 2   | 0   | 0   | 0   |
| SP-2             | Privacy conscious household | 1   | 0   | 1   | 1   | 0   | 2   | 1   | 0   | 1   |
| SP-3             | Journalist or activist      | 1   | 1   | 2   | 2   | 2   | 2   | 1   | 0   | 2   |
| SP-4             | Small organization          | 2   | 2   | 1   | 1   | 1   | 2   | 2   | 1   | 1   |
| SP-5             | Large enterprise            | 2   | 2   | 2   | 0   | 1   | 2   | 2   | 2   | 1   |
| SP-6             | Enterprise client software  | 1   | 0   | 2   | 1   | 0   | 0   | 2   | 0   | 1   |
| SP-7             | Mesh network                | 2   | 2   | 1   | 1   | 1   | 2   | 2   | 0   | 1   |
| Use case | Description                 | CFG | AUT | FUN | ADM | RDP | DNC | COM | CON | PER |
|----------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|
| UC-1     | Individual consumer         | 1   | 0   | 0   | 2   | 2   | 2   | 0   | 0   | 0   |
| UC-2     | Privacy conscious household | 1   | 0   | 1   | 1   | 1   | 2   | 1   | 0   | 1   |
| UC-3     | Journalist or activist      | 1   | 1   | 2   | 2   | 2   | 2   | 1   | 0   | 2   |
| UC-4     | Small organization          | 2   | 2   | 1   | 1   | 2   | 2   | 2   | 1   | 1   |
| UC-5     | Large enterprise            | 2   | 2   | 2   | 0   | 2   | 2   | 2   | 2   | 1   |
| UC-6     | Enterprise client software  | 1   | 0   | 2   | 1   | 0   | 0   | 2   | 0   | 1   |
| UC-7     | Mesh network                | 2   | 2   | 1   | 1   | 1   | 2   | 2   | 0   | 1   |

## C.7 Risks not treated by the requirements
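Review bot: the removed profile table and the retained use-case table disagreed on RDP for the second, fourth and fifth rows (SP-2/SP-4/SP-5: 0/1/1 versus UC-2/UC-4/UC-5: 1/2/2), and several threat tables above (C.4.6-1, C.4.16-1) only come out right under one set of values; the commit keeps the use-case values without saying so, so add a sentence stating that Table C.5-1 is authoritative and regenerate the use-case columns from it. UC-6 and UC-7 now exist in C.5-1 but appear in no threat table, so they are unclassified. Deleting C.6 also removes the only statement that the risk-factor levels are mapped to specific mitigations per requirement; restate that for use cases under C.5, and renumber the following "C.7 Risks not treated by the requirements" to C.6.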
