Commit 18278fd1 authored by Valerie Aurora

Split threats by connectivity, add PII specific threat

parent 1bc32e20
+148 −78
@@ -511,8 +511,8 @@ Once the present document is cited in the Official Journal of the European Union
| Data minimisation                               | DMIN                                |
| Availability protection                         | AVAI                                |
| Minimise impact on other devices or services    | NUTI                                |
| Limit attack surface                            | NUTI                                |
| Exploit mitigation by limiting incident impact  | NUTI                                |
| Limit attack surface                            | EISO, NUTI                          |
| Exploit mitigation by limiting incident impact  | EISO, NUTI                          |
| Logging and monitoring mechanisms               | LOGG                                |
| Secure deletion and data transfer               | SCDL, SDTR                          |
| Vulnerability handling                          | VULH                                |
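Review bot: EISO is added to the "Limit attack surface" and "Exploit mitigation by limiting incident impact" rows of this mapping table, while the same commit removes EISO from TH-UNAA and TH-CONF and drops it from the per-profile mitigation list in the second file; after this change the only threat still mapped to EISO in Table D.1 is PLNS. Either EISO is still a required mitigation somewhere and should stay in the profile list, or it is being retired and these two rows should not gain it. Please reconcile in one direction.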
@@ -721,19 +721,19 @@ Attacker may use unknown exploitable vulnerabilities in the product implementati

| Risk factors           | Likelihood | Security profiles |
|------------------------|------------|-------------------|
| max(DAT, FUN, COM) = 2 | High       | SP-3, SP-4        |
| all others             | Medium     | SP-2, SP-1        |
| max(DAT, FUN, COM) = 2 | High       | SP-3, SP-4, SP-5  |
| all others             | Medium     | SP-1, SP-2        |

Table: _Table C.1_

| Risk factors           | Impact | Security profiles |
|------------------------|--------|-------------------|
| max(DAT, FUN, COM) > 0 | High   | SP-2, SP-3, SP-4  |
| all others             | Medium | SP-1              |
| max(DAT, FUN, COM) = 2 | High   | SP-3, SP-4, SP-5  |
| all others             | Medium | SP-1, SP-2        |

Table: _Table C.2_

Requirements that mitigate this threat: SSDD, NUTI, NPII, LOGG
Requirements that mitigate this threat: SSDD, NUTI, LOGG

Mitigations for Likelihood:

@@ -743,29 +743,29 @@ Mitigations for Likelihood:

Mitigations for Impact:

* Medium to Low: NPII-1, LOGG-1, CDST
* Medium to Low: LOGG-1, CDST

* High to Low: NPII-\*, LOGG-\*, CDST
* High to Low: LOGG-\*, CDST

### C.4.4 TH-KEVU: Known exploitable vulnerabilities

Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorised access to product assets.

| Risk factors                     | Likelihood | Security profiles      |
|-----------------------------------|------------|-------------------|
|----------------------------------|------------|------------------------|
| max(DAT, FUN, COM) = 2 & ADM = 2 | High       | SP-4                   |
| all others                        | Medium     | SP-1, SP-2, SP-3  |
| all others                       | Medium     | SP-1, SP-2, SP-3, SP-5 |

Table: _Table C.3_

| Risk factors           | Impact | Security profiles      |
|------------------------|--------|-------------------|
| max(DAT, FUN, COM) > 0 | High   | SP-2, SP-3, SP-4  |
|------------------------|--------|------------------------|
| max(DAT, FUN, COM) > 0 | High   | SP-2, SP-3, SP-4, SP-5 |
| all others             | Medium | SP-1                   |

Table: _Table C.4_

Requirements that mitigate this threat: NKEV, SSDD, SCUD, NPII, LOGG, VULH
Requirements that mitigate this threat: NKEV, SSDD, SCUD, LOGG, VULH

All mitigations from TH-UEVU apply (using that requirement's risk formula), in addition to:

@@ -805,9 +805,9 @@ Mitigations for Likelihood:

Mitigations for Impact:

* Medium to Low: AUTH-3, AUTH-5, NPII-1, CDST
* Medium to Low: AUTH-3, AUTH-5, CDST

* High to Low: AUTH-3, AUTH-4, AUTH-5, NPII-1, NPII-2, NPII-4, CDST
* High to Low: AUTH-3, AUTH-4, AUTH-5, CDST

### C.4.6 TH-RDOS: Denial of service on remote data processing

@@ -863,7 +863,7 @@ Table: _Table C.9_

Table: _Table C.10_

Requirements that mitigate this threat: CRYPT, NPII, LOGG
Requirements that mitigate this threat: CRYPT, LOGG

Mitigations for Likelihood:

@@ -875,7 +875,7 @@ Mitigations for Impact:

* Medium to Low: LOGG-1

* High to Low: LOGG-\*, NPII-2
* High to Low: LOGG-\*

### C.4.8 TH-LEAK: Sensitive data leaks

@@ -906,27 +906,27 @@ Mitigations for Likelihood:

Mitigations for Impact:

* Medium to Low: NPII-1, LOGG-1
* Medium to Low: LOGG-1

* High to Low: NPII-\*, LOGG-\*
* High to Low: LOGG-\*

### C.4.9 TH-PLAN: Transmitting sensitive data in the clear
### C.4.9 TH-PLNS: Transmitting sensitive data in the clear in a single endpoint VPN

Attacker may read sensitive data transmitted without encryption.
Attacker may read sensitive data transmitted without encryption in a single endpoint VPN.

| Risk factors                                         | Likelihood | Security profiles |
|------------------------------------------|------------|-------------------|
| CFG = 2 or (CFG > 0 & ADM = 2 & COM > 1) | High       | SP-3, SP-4        |
|------------------------------------------------------|------------|-------------------|
| CON = 0 & (CFG = 2 or (CFG > 0 & ADM = 2 & COM > 1)) | High       | SP-3              |
| all others                                           | Medium     | SP-1, SP-2        |
| CFG = 0 or (ADM = 0 & COM = 0)           | Low        | none              |
| CON > 0 or CFG = 0 or (ADM = 0 & COM = 0)            | Low        | SP-4, SP-5        |

Table: _Table C.13_

| Risk factors                 | Impact | Security profiles |
|-------------------|--------|-------------------|
| DAT = 2 & FUN = 2 | High   | SP-3              |
| all others        | Medium | SP-2, SP-4        |
| DAT = 0 & FUN = 0 | Low    | SP-1              |
|------------------------------|--------|-------------------|
| CON = 0 & DAT = 2 & FUN = 2  | High   | SP-3              |
| all others                   | Medium | SP-2              |
| CON > 0 or DAT = 0 & FUN = 0 | Low    | SP-1, SP-4, SP-5  |

Table: _Table C.14_

@@ -940,9 +940,43 @@ Mitigations for Likelihood:

Mitigations for Impact:

* Medium to Low: NPII-1, LOGG-1
* Medium to Low: LOGG-1

* High to Low: LOGG-\*

### C.4.10 TH-PLNM: Transmitting sensitive data in the clear in multi-endpoint VPN

* High to Low: NPII-\*, LOGG-\*
Attacker may read sensitive data transmitted without encryption in a VPN which connects multiple endpoints to each other.

| Risk factors                                         | Likelihood | Security profiles |
|------------------------------------------------------|------------|-------------------|
| CON > 0 & (CFG = 2 or (CFG > 0 & ADM = 2 & COM > 1)) | High       | SP-4, SP-5        |
| all others                                           | Medium     | none              |
| CON = 0 or CFG = 0 or (ADM = 0 & COM = 0)            | Low        | SP-1, SP-2, SP-3  |

Table: _Table C.13_

| Risk factors                 | Impact | Security profiles |
|------------------------------|--------|-------------------|
| CON > 0 & DAT = 2 & FUN = 2  | High   | SP-5              |
| all others                   | Medium | SP-4             |
| CON = 0 or DAT = 0 & FUN = 0 | Low    | SP-1, SP-2, SP-3  |

Table: _Table C.14_

Requirements that mitigate this threat: NUTI, CRYPT, AUTH, ROUT, DNSL

Mitigations for Likelihood:

* Medium to Low: NUTI-1, CRYPT-2, ROUT-1, AUTH-1, AUTH-2

* High to Low: NUTI-\*, DNSL-6, CRYPT-\*, ROUT-\*, AUTH-\*

Mitigations for Impact:

* Medium to Low: LOGG-1

* High to Low: LOGG-\*

### C.4.10 TH-UNAA: Unauthorised authentication

@@ -963,19 +997,19 @@ Table: _Table C.15_

Table: _Table C.16_

Requirements that mitigate this threat: EISO, AUTH, LOGG
Requirements that mitigate this threat: AUTH, LOGG

Mitigations for Likelihood:

* Medium to Low: EISO, AUTH-6
* Medium to Low: AUTH-6

* High to Low: EISO, AUTH-6
* High to Low: AUTH-6

Mitigations for Impact:

* Medium to Low: NPII-1, AUTH-3, LOGG-1
* Medium to Low: AUTH-3, LOGG-1

* High to Low: NPII-\*, AUTH-3, AUTH-4, AUTH-5, LOGG-\*
* High to Low: AUTH-3, AUTH-4, AUTH-5, LOGG-\*

### C.4.11 TH-LDEL: Attacker removes evidence of compromise

@@ -996,7 +1030,7 @@ Table: _Table C.17_

Table: _Table C.18_

Requirements that mitigate this threat: LOGG, NPII
Requirements that mitigate this threat: LOGG

Mitigations for Likelihood:

@@ -1006,43 +1040,77 @@ Mitigations for Likelihood:

Mitigations for Impact:

* Medium to Low: NPII-1
* Medium to Low: CDST

* High to Low: NPII-\*
* High to Low: CDST

### C.4.12 TH-CONF: Access to assets via configuration errors
### C.4.12 TH-CONF: Access to assets via configuration errors in single endpoint VPN

Attacker may use configuration errors to get unauthorised access to product assets.
Attacker may use configuration errors to get unauthorised access to product assets in a single endpoint VPN.

| Risk factors                                                 | Likelihood | Security profiles |
|---------------------------------------------------|------------|-------------------|
| CFG > 0 & max(ADM, COM) = 2 & max(DAT, FUN) = 2   | High       | SP-3, SP-4        |
|--------------------------------------------------------------|------------|-------------------|
| CON = 0 & CFG > 0 & max(ADM, COM) = 2 & max(DAT, FUN) = 2    | High       | SP-3              |
| all others                                                   | Medium     | SP-2              |
| CFG = 0 or max(ADM, COM) = 0 or max(DAT, FUN) = 0 | Low        | SP-1              |
| CON > 0 or CFG = 0 or max(ADM, COM) = 0 or max(DAT, FUN) = 0 | Low        | SP-1, SP-4, SP-5  |

Table: _Table C.19_

| Risk factors                 | Impact | Security profiles |
|-------------------|--------|-------------------|
| DAT = 2 & FUN = 2 | High   | SP-3              |
| all others        | Medium | SP-2, SP-4        |
| DAT = 0 & FUN = 0 | Low    | SP-1              |
|------------------------------|--------|-------------------|
| CON = 0 & DAT = 2 & FUN = 2  | High   | SP-3              |
| all others                   | Medium | SP-2              |
| CON > 0 or DAT = 0 & FUN = 0 | Low    | SP-1, SP-4        |

Table: _Table C.20_

Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, LOGG

Mitigations for Likelihood:

* Medium to Low: CONF-5, (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\*

* High to Low: TRAF-1, IPv6-\*

Mitigations for Impact:

* Medium to Low: AUTH-3, LOGG-1, CDST

* High to Low: AUTH-3, AUTH-4, AUTH-5, LOGG-\*, CDST

### C.4.12 TH-CONF: Access to assets via configuration errors in a multi-endpoint VPN

Attacker may use configuration errors to get unauthorised access to product assets in a multi-endpoint VPN.

| Risk factors                                                 | Likelihood | Security profiles |
|--------------------------------------------------------------|------------|-------------------|
| CON > 0 & CFG > 0 & max(ADM, COM) = 2 & max(DAT, FUN) = 2    | High       | SP-5              |
| all others                                                   | Medium     | SP-4              |
| CON = 0 or CFG = 0 or max(ADM, COM) = 0 or max(DAT, FUN) = 0 | Low        | SP-1, SP-2, SP-3  |

Table: _Table C.19_

| Risk factors                 | Impact | Security profiles |
|------------------------------|--------|-------------------|
| CON > 0 & DAT = 2 & FUN = 2  | High   | SP-5              |
| all others                   | Medium | SP-4              |
| CON = 0 or DAT = 0 & FUN = 0 | Low    | SP-1, SP-2, SP-3  |

Table: _Table C.20_

Requirements that mitigate this threat: CONF, EISO, TRAF, IPv6, CDST, DMIN, LOGG
Requirements that mitigate this threat: CONF, TRAF, IPv6, CDST, DMIN, LOGG

Mitigations for Likelihood:

* Medium to Low: CONF-5, EISO, (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\*
* Medium to Low: CONF-5, (NUTI-1 or TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\*

* High to Low: EISO, TRAF-1, IPv6-\*
* High to Low: NUTI-\*, IPv6-\*

Mitigations for Impact:

* Medium to Low: NPII-1, AUTH-3, LOGG-1, CDST
* Medium to Low: AUTH-3, LOGG-1, CDST

* High to Low: NPII-\*, AUTH-3, AUTH-4, AUTH-5, LOGG-\*, CDST
* High to Low: AUTH-3, AUTH-4, AUTH-5, LOGG-\*, CDST

### C.4.13 TH-META: Data leaks due to metadata and traffic analysis

@@ -1229,20 +1297,22 @@ This clause describes the methodology followed in the current text.
## D.2 Mapping of risks to requirements

| Threat | Requirements                                                |
|--------|------------------------------------------|
| UEVU   | SSDD, NPII, LOGG, VULH                   |
| KEVU   | NKEV, SSDD, NPII, LOGG, VULH             |
|--------|-------------------------------------------------------------|
| UEVU   | SSDD, LOGG, VULH                                            |
| KEVU   | NKEV, SSDD, LOGG, VULH                                      |
| UEAC   | AUTH, DMIN                                                  |
| RDOS   | AVAI                                                        |
| MITM   | CRYPT, NPII, LOGG                        |
| MITM   | CRYPT, LOGG                                                 |
| LEAK   | ROUT, CONF, DNSL, IPv6, CRYPT                               |
| PLAN   | CRYPT, SCDL, AUTH, ROUT, DNSL            |
| UNAA   | EISO, AUTH, LOGG                         |
| LDEL   | LOGG, NPII                               |
| CONF   | CONF, EISO, TRAF, IPv6, CDST, DMIN, LOGG |
| PLNS   | EISO, CRYPT, AUTH, ROUT, DNSL                               |
| PLNM   | CRYPT, AUTH, ROUT, DNSL                                     |
| UNAA   | AUTH, LOGG                                                  |
| LDEL   | LOGG                                                        |
| CONF   | CONF, TRAF, IPv6, CDST, DMIN, LOGG                          |
| META   | TODO                                                        |
| RCOM   | TODO                                                        |
| USED   | AUTH, CDST, SCDL, SDEF                                      |
| CPII   | AUTH, DMIN, CRYPT, AUTH, ROUT, DNSL, CDST, SCDL, SDEF, LOGG |

Table: _Table D.1 — Map of risks to requirements_

+2 −3
@@ -1225,7 +1225,6 @@ This clause lists all the mitigations necessary to meet requirements for each se
  1. DNSL-7
  1. DNSL-8
  1. DOST
  1. EISO
  1. FDRP
  1. IPv6-1
  1. IPv6-2
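Review bot: EISO is removed from this profile's mitigation list, but in the first file this commit adds EISO to the "Limit attack surface" and "Exploit mitigation by limiting incident impact" rows of the requirements table and keeps EISO in the PLNS row of Table D.1. If EISO remains a requirement for any profile, it has to stay in that profile's list; if it is being retired, the first-file additions should go.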
@@ -1233,6 +1232,7 @@ This clause lists all the mitigations necessary to meet requirements for each se
  1. LOGG-1
  1. LOGG-2
  1. NPII-1
(NUTI-1 or TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4))
1. NUTI-1
  1. NUTI-2
  1. ROUT-1
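Review bot: the inserted line `(NUTI-1 or TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4))` is missing the `  1. ` list prefix used by every other entry, and the following `1. NUTI-1` has lost its two-space indentation, so the rendered list breaks at this point. Beyond formatting, this profile already requires NUTI-1 unconditionally on the next line, which makes the `or` alternative always satisfied; if that is the intent, the compound item is redundant here, and if TRAF-1 is still wanted for this profile, it needs its own entry now that the last hunk removes it.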
@@ -1242,5 +1242,4 @@ This clause lists all the mitigations necessary to meet requirements for each se
  1. SDRF
  1. SDTR
  1. SSCA
  1. TRAF-1
  1. VULH
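Review bot: TRAF-1 is removed from this profile, but the single-endpoint TH-CONF "High to Low" likelihood mitigation in the first file still requires `TRAF-1, IPv6-\*`, and the single-endpoint "Medium to Low" bullet still offers `TRAF-1` as one alternative. The profile this list belongs to is not visible in the hunk; if it is one at High likelihood for single-endpoint CONF (SP-3 per Table C.19), dropping TRAF-1 leaves that threat without its required mitigation.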