Commit 453e0d33 authored by JANSSEN; jeroen

Add threats

parent 1d1b520a
+98 −0
@@ -658,6 +658,104 @@ _Table C.1 — Security profiles mapped to risk factors_

_Table C.2 — Security profiles mapped to mitigations_


### C.4.1 General

The approach to listing threats is to separate them by mitigation so that they may be associated with risk factors more directly.

For the purposes of the list of threats, the product includes:


The risk factors by type are:

Likelihood: XXX

Impact: XXX

For each threat, a table shows how to use the risk factors to calculate the level of likelihood or impact. The levels are Low, Medium, or High.

### C.4.3 List of threats and risk assessments

**[TH-XXX]:** Attacker may use known exploitable vulnerabilities in the VPN interface implementation to get unauthorized access to product assets.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may use unknown exploitable vulnerabilities in the network interface implementation to get unauthorized access to product assets.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** **[TH-CONF]:** Attacker may use configuration errors to get unauthorized access to the product assets.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may use network access to get unauthorized access to confidential data transmitted by the product.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may exploit vulnerabilities in the product to reduce availability of product assets.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may exploit vulnerabilities in the product to attack other products.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may masquerade as an authorized server to get unauthorized access to product assets.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

**[TH-XXX]:** Attacker may use unauthorized access to the product to harm the host system.

| Risk factors                              | Likelihood |
|-------------------------------------------|------------|
| XXX                                       | High       |
| XXX                                       | Medium     |
| XXX                                       | Low        |

Requirements: 

# Annex L (informative): Relationship between the present document and the requirements of EU Regulation 2024/2847

DRAFT ANNEX L - DO NOT CONSIDER THE CONTENT
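
Review bot: The third threat entry under C.4.3 carries two identifiers, "**[TH-XXX]:** **[TH-CONF]:**", while every other entry has only the placeholder; keep whichever one is intended and give the remaining seven entries distinct identifiers, since the requirements are meant to reference them. The headings also jump from C.4.1 to C.4.3 with no C.4.2, and in C.4.1 the sentence "For the purposes of the list of threats, the product includes:" is followed by no list. C.4.1 states that each table yields a level of likelihood or impact, yet all eight tables have only a Likelihood column, so either add the Impact tables or narrow that sentence. The first threat names the "VPN interface implementation" and the second the "network interface implementation"; if the known/unknown pair is meant to cover the same interface, use one term in both.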