Loading EN-304-620-1.md +4 −4 Original line number Diff line number Diff line Loading @@ -722,9 +722,9 @@ All mitigations from TH-UEVU apply (using that requirement's risk formula), in a Mitigations for Likelihood: * Medium to Low: (KEVD or KEVA or KEVT or SCAN), KEVM, (SUVP or SUAP or SUOE or SUAO), VULH * Medium to Low: (KEVD or KEVA), (KEVM or KEVT or SCAN), (SUVP or SUAP or SUOE or SUAO), VULH * High to Low: KEVD, KEVA, (KEVT or SCAN), KEVM, (SUAP or SUAO), VULH * High to Low: KEVD, KEVA, (KEVM or KEVT or SCAN), (SUAP or SUAO), VULH ### C.4.5 TH-UEAC: Unauthorized endpoint access Loading Loading @@ -861,7 +861,7 @@ Attacker may read sensitive data transmitted without encryption. | all others | Medium | SP-2, SP-4 | | DAT = 0 & FUN = 0 | Low | SP-1 | Requirements that mitigate this threat: CRYPT, SCDL, AUTH, ROUT, DNSL Requirements that mitigate this threat: CRYPT, AUTH, ROUT, DNSL Mitigations for Likelihood: Loading Loading @@ -953,7 +953,7 @@ Requirements that mitigate this threat: CONF, EISO, TRAF, IPv6, CDST, DMIN, LOGG Mitigations for Likelihood: * Medium to Low: CONF-6, EISO, (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\* * Medium to Low: CONF-5, EISO, (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)), IPv6-\* * High to Low: EISO, TRAF-1, IPv6-\* Loading clauses/5.Requirements.md +103 −87 Original line number Diff line number Diff line Loading 
@@ -1114,130 +1114,146 @@ Guidance: Data may be protected by the environment, permissions, encryption, sal This clause lists all the mitigations necessary to meet requirements for each security profile. ### 5.3. SP-1 Individual consumer required mitigations ### 5.3.2 SP-1 Individual consumer required mitigations 1. SSCA 1. SCFS 1. NPII-1 1. LOGG-1 1. (KEVD or KEVA or KEVT or SCAN) 1. KEVM 1. (KEVD or KEVA) 1. (KEVM or KEVT or SCAN) 1. (SUVP or SUAP or SUOE or SUAO) 1. VULH 1. EISO 1. AUTH-6 1. ROUT-1 1. (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)) 1. AUTH-1 1. AUTH-2 1. CONF-6 1. EISO 1. (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)) 1. IPv6-\* 1. AUTH-6 1. CDST 1. CONF-5 1. EISO 1. IPv6-1 1. IPv6-2 1. LOGG-1 1. NPII-1 1. ROUT-1 1. SCFS 1. SSCA 1. VULH ### 5.3. SP-2 Privacy conscious household required mitigations ### 5.3.3 SP-2 Privacy conscious household required mitigations 1. SSCA 1. SCFS 1. NPII-1 1. LOGG-1 1. (KEVD or KEVA or KEVT or SCAN) 1. KEVM 1. (KEVD or KEVA) 1. (KEVM or KEVT or SCAN) 1. (SUVP or SUAP or SUOE or SUAO) 1. VULH 1. (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)) 1. AUTH-1 1. AUTH-2 1. AUTH-3 1. AUTH-4 1. AUTH-5 1. NPII-1 1. DOST 1. FDRP 1. LMEM 1. CRYPT-2 1. AUTH-6 1. CDST 1. CONF-3 1. CONF-5 1. CRYPT-1 1. CRYPT-2 1. DNSL-1 1. DNSL-2 1. DNSL-7 1. DNSL-8 1. IPv6-\* 1. EISO 1. AUTH-6 1. CRYPT-\* 1. SCDL-\* 1. ROUT-\* 1. AUTH-\* 1. CONF-6 1. DOST 1. EISO 1. (TRAF-1 or (TRAF-2 and TRAF-3 and TRAF-4)) 1. IPv6-\* 1. CDST 1. FDRP 1. IPv6-1 1. IPv6-2 1. LMEM 1. LOGG-1 1. NPII-1 1. ROUT-1 1. ROUT-2 1. ROUT-3 1. SCFS 1. SSCA 1. VULH ### 5.3. SP-3 Journalist or activist required mitigations ### 5.3.4 SP-3 Journalist or activist required mitigations 1. SSCA 1. (FZ95 or BTIN or IMSL) 1. SCFS 1. NPII-\* 1. LOGG-\* 1. KEVD 1. KEVA 1. (KEVT or SCAN) 1. KEVM 1. (KEVM or KEVT or SCAN) 1. (SUAP or SUAO) 1. VULH 1. AUTH-1 1. AUTH-2 1. AUTH-3 1. AUTH-4 1. AUTH-5 1. DOST 1. FDRP 1. LMEM 1. FAIR 1. AUTH-6 1. CDST 1. CONF-1 1. CONF-2 1. CONF-3 1. CONF-4 1. CONF-5 1. 
CRYPT-1 1. CRYPT-2 1. DNSL-1 1. DNSL-2 1. DNSL-3 1. DNSL-4 1. DNSL-5 1. DNSL-6 1. DNSL-7 1. DNSL-8 1. DOST 1. EISO 1. AUTH-6 1. CRYPT-\* 1. SCDL-\* 1. ROUT-\* 1. AUTH-\* 1. EISO 1. FAIR 1. FDRP 1. IPv6-1 1. IPv6-2 1. KEVA 1. KEVD 1. LMEM 1. LOGG-1 1. LOGG-2 1. NPII-1 1. NPII-2 1. NPII-3 1. NPII-4 1. ROUT-1 1. ROUT-2 1. ROUT-3 1. SCFS 1. SSCA 1. TRAF-1 1. IPv6-\* 1. CDST 1. CONF-\* 1. DNSL-\* 1. VULH ### 5.3. SP-4 Small organization required mitigations ### 5.3.5 SP-4 Small organization required mitigations 1. SSCA 1. SCFS 1. NPII-1 1. LOGG-\* 1. KEVD 1. KEVA 1. (KEVT or SCAN) 1. KEVM 1. (KEVD or KEVA) 1. (KEVM or KEVT or SCAN) 1. (SUAP or SUAO) 1. VULH 1. AUTH-1 1. AUTH-2 1. AUTH-3 1. AUTH-4 1. AUTH-5 1. NPII-1 1. DOST 1. FDRP 1. LMEM 1. CRYPT-\* 1. AUTH-6 1. CDST 1. CONF-3 1. CRYPT-1 1. CRYPT-2 1. DNSL-1 1. DNSL-2 1. DNSL-6 1. DNSL-7 1. DNSL-8 1. IPv6-\* 1. EISO 1. AUTH-6 1. CRYPT-\* 1. SCDL-\* 1. ROUT-\* 1. AUTH-\* 1. DOST 1. EISO 1. FDRP 1. IPv6-1 1. IPv6-2 1. LMEM 1. LOGG-1 1. LOGG-2 1. NPII-1 1. ROUT-1 1. ROUT-2 1. ROUT-3 1. SCFS 1. SSCA 1. TRAF-1 1. IPv6-\* 1. CDST 1. VULH Loading
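Review bot: In the `@@ -722,9` hunk of EN-304-620-1.md, both likelihood lines move KEVM from a standalone mitigation into the group `(KEVM or KEVT or SCAN)`, so KEVM is no longer required on its own and KEVT or SCAN alone satisfies that item. In the "Medium to Low" line the same edit pulls KEVT and SCAN out of the first group, leaving `(KEVD or KEVA)`, which makes one of KEVD or KEVA mandatory where KEVT or SCAN used to suffice. The edit therefore tightens one group and relaxes another at once; please confirm both directions are intended and record the rationale, since neither the hunk nor its context lines explain it.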
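Review bot: The `@@ -861,7` hunk of EN-304-620-1.md drops SCDL from "Requirements that mitigate this threat", but the "Mitigations for Likelihood:" list that follows is only trailing context and its items are not shown. If any of those items still name an SCDL requirement, the threat entry would reference a requirement it no longer lists; please check that list and extend the hunk if needed.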
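Review bot: In the `@@ -953,7` hunk of EN-304-620-1.md, the "Medium to Low" line is renumbered from CONF-6 to CONF-5 but still ends with the wildcard `IPv6-\*`, as does the unchanged "High to Low" line, while the clause 5 lists in this same commit replace `IPv6-\*` with explicit IPv6-1 and IPv6-2 entries. Pick one convention for both files so the annex formulas and the profile lists can be compared item by item.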
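Review bot: In the `@@ -1114,130` hunk of clauses/5.Requirements.md, the SP-4 list appears to replace the separate KEVD and KEVA items with `(KEVD or KEVA)`, while the SP-3 list keeps KEVA and KEVD as separate entries and the "High to Low" line in EN-304-620-1.md still reads `KEVD, KEVA, (KEVM or KEVT or SCAN), (SUAP or SUAO), VULH`. The previous SP-4 items matched the old "High to Low" formula, so if SP-4 is still meant to follow it, both KEVD and KEVA should stay required; if it now follows "Medium to Low", say so in the clause. The rendered page has lost the +/- markers, so this reading rests on the order of the items. The new headings also start at 5.3.2, so confirm that a 5.3.1 subclause exists.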