Loading EN-304-620.md +20 −13 Original line number Diff line number Diff line Loading @@ -446,6 +446,12 @@ See [\[i.3\]](#_ref_i.3) for formal definitions of micro, small, and medium-size * Most of security is managed by other components (gateway for network, local EDR for endpoint security, ....) * Does not see VPN as critical for core business operations * **UC-7** Mesh Network * Client installed on various devices, such as mobile phones, laptops, desktop computers, servers or network devices * Connecting multiple endpoint traffic over untrusted access networks * Administrating user possesses some security knowledge * Does connect endpoints with other endpoints directly # 5 Requirements specifications ::include{file=clauses/5.Requirements.md} Loading Loading 
@@ -1164,14 +1170,15 @@ Mitigations for Impact: **Table C.5-1: Mapping of use cases to risk factors and security profiles** | Use case | Description | CFG | AUT | PER | FUN | ADM | RDP | DNC | COM | CON | SP | | Use case | Description | CFG | AUT | FUN | ADM | RDP | DNC | COM | CON | PER | SP | |----------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|------| | UC-1 | Individual consumer | 1 | 0 | 0 | 0 | 2 | 2 | 2 | 0 | 0 | SP-1 | | UC-2 | Privacy conscious household | 1 | 0 | 1 | 1 | 1 | 1 | 2 | 1 | 0 | SP-2 | | UC-3 | Journalist or activist | 1 | 1 | 2 | 2 | 2 | 2 | 2 | 1 | 0 | SP-3 | | UC-4 | Small organisation | 2 | 2 | 2 | 1 | 1 | 2 | 2 | 2 | 1 | SP-4 | | UC-5 | Large enterprise | 2 | 2 | 2 | 2 | 0 | 2 | 2 | 2 | 2 | SP-5 | | UC-1 | Individual consumer | 1 | 0 | 0 | 2 | 2 | 2 | 0 | 0 | 0 | SP-1 | | UC-2 | Privacy conscious household | 1 | 0 | 1 | 1 | 1 | 2 | 1 | 0 | 1 | SP-2 | | UC-3 | Journalist or activist | 1 | 1 | 2 | 2 | 2 | 2 | 1 | 0 | 2 | SP-3 | | UC-4 | Small organisation | 2 | 2 | 1 | 1 | 2 | 2 | 2 | 1 | 1 | SP-4 | | UC-5 | Large enterprise | 2 | 2 | 2 | 0 | 2 | 2 | 2 | 2 | 1 | SP-4 | | UC-6 | Enterprise client software | 1 | 0 | 2 | 1 | 0 | 0 | 2 | 0 | 1 | SP-6 | | UC-7 | Mesh network | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 0 | 1 | SP-7 | ## C.6 Security profiles Loading 
@@ -1183,15 +1190,15 @@ Security profiles are an informative resource to the assessor. Each security pro **Table C.6.2-1: Mapping of security profiles to risk factors** | Security Profile | Description | CFG | AUT | PER | FUN | ADM | RDP | DNC | COM | CON | | Security Profile | Description | CFG | AUT | FUN | ADM | RDP | DNC | COM | CON | PER | |------------------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----| | SP-6 | Enterprise client software | 2 | 0 | 2 | 1 | 0 | 0 | 1 | 0 | 1 | | SP-1 | Individual consumer | 1 | 0 | 0 | 0 | 2 | 2 | 2 | 0 | 0 | | SP-2 | Privacy conscious household | 1 | 0 | 1 | 1 | 1 | 0 | 2 | 1 | 0 | | SP-3 | Journalist or activist | 1 | 1 | 2 | 2 | 2 | 2 | 2 | 1 | 0 | | SP-4 | Small organisation | 2 | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 1 | | SP-5 | Large enterprise | 2 | 2 | 2 | 2 | 0 | 1 | 2 | 2 | 2 | | SP-1 | Individual consumer | 1 | 0 | 0 | 2 | 2 | 2 | 0 | 0 | 0 | | SP-2 | Privacy conscious household | 1 | 0 | 1 | 1 | 0 | 2 | 1 | 0 | 1 | | SP-3 | Journalist or activist | 1 | 1 | 2 | 2 | 2 | 2 | 1 | 0 | 2 | | SP-4 | Small organisation | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 1 | 1 | | SP-5 | Large enterprise | 2 | 2 | 2 | 0 | 1 | 2 | 2 | 2 | 1 | | SP-6 | Enterprise client software | 1 | 0 | 2 | 1 | 0 | 0 | 2 | 0 | 1 | | SP-7 | Mesh network | 2 | 2 | 1 | 1 | 1 | 2 | 2 | 0 | 1 | # Annex D (informative): Risk evaluation guidance Loading clauses/5.Requirements.md +61 −0 Original line number Diff line number Diff line Loading 
@@ -1368,3 +1368,64 @@ TODO: update security analysis to better allow for this security profile's needs 1. SUSR 1. SUVH 1. VULH ## 5.3.X SP-7 Mesh VPN required mitigations 1. (FZ95 or BTIN or IMSL) 1. (KEVM or KEVT or SCAN) 1. (RSET or INST or DELE) 1. (SUAP or SUAO) 1. AUTH-1 1. AUTH-2 1. AUTH-3 1. AUTH-4 1. AUTH-5 1. AUTH-6 1. CDST 1. CONF-1 1. CONF-2 1. CONF-3 1. CONF-4 1. CONF-5 1. CRYPT-1 1. CRYPT-2 1. DNSL-1 1. DNSL-2 1. DNSL-3 1. DNSL-4 1. DNSL-5 1. DNSL-6 1. DNSL-7 1. DOST 1. EISO 1. FAIR 1. FDRP 1. IPv6-1 1. IPv6-2 1. KEVA 1. KEVD 1. LMEM 1. LOGG-1 1. LOGG-2 1. NPER-1 1. NUTI-1 1. NUTI-2 1. ROUT-1 1. ROUT-2 1. ROUT-3 1. SCFS 1. SDRF 1. SDTR 1. SSCA 1. SUAU 1. SUCS 1. SUED 1. SUMV 1. SURC 1. SURP 1. SUSR 1. SUVH 1. TRAF-2 1. TRAF-3 1. TRAF-4 1. VULH No newline at end of file Loading
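Review bot: In the `@@ -446,6 +446,12 @@` hunk of EN-304-620.md the new use case is titled "Mesh Network", while the rows added to Tables C.5-1 and C.6.2-1 say "Mesh network" and the new clause heading says "SP-7 Mesh VPN"; pick one term and use it in all four places. The second and fourth bullets would also read better as "Connects traffic from multiple endpoints over untrusted access networks" and "Connects endpoints directly with other endpoints", which matches the verb-first style of the other bullets.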
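Review bot: In the `@@ -1164,14 +1170,15 @@` hunk (Table C.5-1) the new UC-5 row ends in SP-4, where the removed row had SP-5, even though Table C.6.2-1 still defines SP-5 "Large enterprise"; if that remapping is not intended, restore SP-5. This hunk also mixes value changes into the move of the PER column to the end: comparing old and new rows by column name, PER drops from 2 to 1 for UC-4 and UC-5, while UC-1 to UC-3 are pure reorders. Consider putting the reorder and the score changes in separate commits, or state the PER changes in the commit description so an assessor can see they are deliberate.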
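Review bot: In the `@@ -1183,15 +1190,15 @@` hunk (Table C.6.2-1) the SP-6 row is not a reordering of the removed row: the cell values stay almost in place while the header changes, so read by column name most factors change (for example CFG 2 to 1, FUN 1 to 2, COM 0 to 2). Please confirm which reading of the old row was correct and that the new values are the intended ones. The same hunk lowers PER from 2 to 1 for SP-4 and SP-5, mirroring the UC-4 and UC-5 change in Table C.5-1; that deserves a line of rationale, since the rest of the SP-1 to SP-5 rows are plain column moves.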
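Review bot: In the `@@ -1368,3 +1368,64 @@` hunk of clauses/5.Requirements.md the new heading "## 5.3.X SP-7 Mesh VPN required mitigations" still carries the placeholder clause number 5.3.X; assign the real number before merge so cross-references can target it. The list starts the TRAF series at TRAF-2 (TRAF-2, TRAF-3, TRAF-4); confirm whether TRAF-1 is left out on purpose for the mesh profile and, if so, say why next to the list. The file also ends without a trailing newline ("No newline at end of file"), which is worth fixing while the clause is being appended.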