Commit 44b79433 authored by Valerie Aurora

Rewrite risk formula for MITM threat

parent f1fff6ec
+19 −10
@@ -810,13 +810,15 @@ Mitigations for Impact:

* High to Low: FDRP, LMEM, FAIR

### C.4.x TH-MTM: Attacker attempts to read or modify traffic by capturing and relaying activity between endpoints
### C.4.x TH-MTM: Machine-in-the-middle

Attacker attempts to read or modify traffic by capturing and relaying activity to and from endpoints.

| Risk factors                  | Likelihood | Security profiles |
|--------------|------------|-------------------|
| ADM = 2      | High       | SP-1, SP-3        |
|-------------------------------|------------|-------------------|
| ADM = 2 & DAT = 2 & FUN = 2   | High       | SP-1, SP-3        |
| all others                    | Medium     | SP-2              |
| ADM = 0      | Low        | SP-4              |
| ADM = 0 or DAT = 0 or FUN = 0 | Low        | SP-4              |

| Risk factors      | Impact | Security profiles |
|-------------------|--------|-------------------|
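Review bot: In the rewritten likelihood table, the "all others" row sits between the High row and the "ADM = 0 or DAT = 0 or FUN = 0" Low row, so a reader who evaluates rows top to bottom will classify a zero-factor case as Medium before reaching the Low row. Move "all others" to the last row, or state that rows are matched by condition rather than by order. The Security profiles column also keeps SP-1, SP-3 on the High row even though High now requires DAT = 2 and FUN = 2 in addition to ADM = 2; the profile definitions are not visible in this hunk, so please confirm both profiles still meet all three conditions, and that SP-4 is the only profile with any factor at 0.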
@@ -826,10 +828,17 @@ Mitigations for Impact:

Requirements: CRYPT, NPII, LOGG

| Likelihood | Impact     | Mitigation                     | Security profiles |
|------------|------------|--------------------------------|-------------------|
| High       | High       | CRYPT-1, CRYPT-2, NPII-2, LOGG | SP-3              |
| all others | all others | CRYPT-2, LOGG                  | SP-1, SP-2, SP-4  |
Mitigations for Likelihood:

* Medium to Low: CRYPT-2

* High to Low: CRYPT-1, CRYPT-2

Mitigations for Impact:

* Medium to Low: LOGG

* High to Low: LOGG, NPII-2

### C.4.x TH-LEK: Attacker reads sensitive data sent outside the VPN connection by the product.
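Review bot: Replacing the Likelihood/Impact mitigation table with the two "Mitigations for ..." lists drops the baseline the table gave every profile: its "all others" row assigned CRYPT-2 and LOGG to SP-1, SP-2 and SP-4, but the new lists only cover "Medium to Low" and "High to Low", so a profile that is already Low (SP-4 on likelihood, per the table above) has no mitigation listed for this threat. If CRYPT-2 and LOGG are still meant to apply unconditionally, say so next to "Requirements: CRYPT, NPII, LOGG". The old table also required CRYPT-1 and NPII-2 only when likelihood and impact were both High, while the lists now trigger CRYPT-1 on High likelihood alone and NPII-2 on High impact alone; if that widening is intended, it is worth a line in the commit message, since the Security profiles column that made the per-profile result explicit is gone.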