EN-304-620-1.md +31 −0 Original line number Diff line number Diff line Loading @@ -1023,6 +1023,36 @@ Mitigations for Impact: * High to Low: TODO ### C.4.15 TH-USED: Access to data via acquisition of used product Attacker may get unauthorized access to confidential data stored on the product through acquisition of a device containing the used product. | Risk factors | Likelihood | Security profiles | |-------------------|------------|-------------------| | DAT = 2 & FUN = 2 | High | SP-3 | | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | | Risk factors | Impact | Security profiles | |-------------------|--------|-------------------| | DAT = 2 & FUN = 2 | High | SP-3 | | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | Requirements that mitigate this threat: AUTH, CDST, SCDL, SDEF Mitigations for Likelihood: * Medium to Low: (RSET or INST or DELE), SDRF, SDTR * High to Low: (RSET or INST or DELE), SDRF, SDTR Mitigations for Impact: * Medium to Low: AUTH-5, CDST * High to Low: AUTH-3, AUTH-4, AUTH-5, CDST ### C.5 Mapping of use cases to risk factors and security profiles | Use case | Description | CFG | AUT | DAT | FUN | ADM | RDP | DNC | COM | SP | Loading Loading @@ -1089,6 +1119,7 @@ This clause describes the methodology followed in the current text. | CONF | CONF, EISO, TRAF, IPv6, CDST, DMIN, LOGG | | META | TODO | | RCOM | TODO | | USED | AUTH, CDST, SCDL, SDEF | ## D.3 Risk acceptance criteria Loading
clauses/5.Requirements.md +14 −5 Original line number Diff line number Diff line Loading @@ -1141,6 +1141,7 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. (KEVD or KEVA) 1. (KEVM or KEVT or SCAN) 1. (RSET or INST or DELE) 1. (SUVP or SUAP or SUOE or SUAO) 1. (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)) 1. AUTH-1 Loading Loading @@ -1170,6 +1171,8 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. ROUT-2 1. ROUT-3 1. SCFS 1. SDRF 1. SDTR 1. SSCA 1. VULH Loading @@ -1177,6 +1180,7 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. (FZ95 or BTIN or IMSL) 1. (KEVM or KEVT or SCAN) 1. (RSET or INST or DELE) 1. (SUAP or SUAO) 1. AUTH-1 1. AUTH-2 Loading Loading @@ -1221,15 +1225,17 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. ROUT-2 1. ROUT-3 1. SCFS 1. SDRF 1. SDTR 1. SSCA 1. SUCS 1. SUAU 1. SUVH 1. SURP 1. SUCS 1. SUED 1. SUMV 1. SURC 1. SURP 1. SUSR 1. SUMV 1. SUED 1. SUVH 1. TRAF-1 1. VULH Loading @@ -1237,6 +1243,7 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. (KEVD or KEVA) 1. (KEVM or KEVT or SCAN) 1. (RSET or INST or DELE) 1. (SUAP or SUAO) 1. AUTH-1 1. AUTH-2 Loading Loading @@ -1268,6 +1275,8 @@ This clause lists all the mitigations necessary to meet requirements for each se 1. ROUT-2 1. ROUT-3 1. SCFS 1. SDRF 1. SDTR 1. SSCA 1. TRAF-1 1. VULH
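Review bot: In EN-304-620-1.md, hunk @@ -1023,6 +1023,36 @@ (C.4.15), "Mitigations for Likelihood" lists the same set, (RSET or INST or DELE), SDRF, SDTR, for both "Medium to Low" and "High to Low", while "Mitigations for Impact" adds AUTH-3 and AUTH-4 for the High case. If the identical set is intended, one bullet covering both levels would make that explicit; if not, the High bullet is missing its additional mitigations. In both risk tables the "all others" row sits between the two specific rows; moving it to the last row lets the tables be read top to bottom without ambiguity.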
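Review bot: In EN-304-620-1.md, hunk @@ -1089,6 +1119,7 @@, the new USED row repeats the list AUTH, CDST, SCDL, SDEF from the "Requirements that mitigate this threat" line in C.4.15, but the mitigation identifiers that C.4.15 actually uses for likelihood (RSET, INST, DELE, SDRF, SDTR) cannot be matched to any of those four names from the text shown. Please state which requirement each of them falls under, or confirm that SCDL and SDEF are the intended entries, so the row and the C.4.15 list can be checked against each other.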
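Review bot: In clauses/5.Requirements.md, the hunks at @@ -1141, @@ -1170, @@ -1177, @@ -1237 and @@ -1268 carry only the likelihood mitigations, (RSET or INST or DELE), SDRF and SDTR; none of them adds the impact mitigations C.4.15 names (AUTH-3, AUTH-4, AUTH-5, CDST), and the visible context shows only AUTH-1 and AUTH-2. Please confirm those entries are already present in the lists for the affected profiles. The hunk context also does not show which security profile each of the three changed lists belongs to; since C.4.15 rates SP-1 as Low and SP-2, SP-3 and SP-4 as Medium or High, the commit message or a comment should confirm that the three lists are those of SP-2, SP-3 and SP-4.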
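Review bot: In clauses/5.Requirements.md, hunk @@ -1221,15 +1225,17 @@, the entries SUCS, SUVH, SURP, SUMV and SUED each appear twice, which together with the file's −5 count indicates the SU* entries were re-sorted in the same change that adds SDRF and SDTR. The re-sort is unrelated to TH-USED and makes it harder to verify that no SU* mitigation was dropped from this list; please move it to a separate commit, or note it in the commit message so that the only functional additions in this hunk are clearly SDRF and SDTR.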