Commit b6aa3af5 authored by Valerie Aurora

Rename CNC to DNC (difficulty of network configuration, not complexity)

parent c79326cb
+12 −12
@@ -614,15 +614,15 @@ Rationale: More users with physical access to manufacturer infrastructure increa
* **[RDP-1]** Manufacturer has direct access to all remote data processing infrastructure
* **[RDP-2]** Manufacturer infrastructure in a multi-tenant SaaS system

### C.2.7 RF-CNC: Difficulty of network configuration
### C.2.7 RF-DNC: Difficulty of network configuration

Description: Difficulty of configuring, controlling, and monitoring the configuration of the network connection on the platform the product is running on.

Rationale: The more difficult it is to configure the network connection, maintain control over that configuration, and learn about changes to the configuration, the more likely it is that the configuration will become insecure.

* **[CNC-0]** Product has complete control over the network configuration
* **[CNC-1]** Product is using a well-defined, predictable platform service to configure the network connection
* **[CNC-2]** Other software can change network configuration without notification or permission from the product
* **[DNC-0]** Product has complete control over the network configuration
* **[DNC-1]** Product is using a well-defined, predictable platform service to configure the network connection
* **[DNC-2]** Other software can change network configuration without notification or permission from the product

## C.3 Assumptions
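
Review bot: The heading label `RF-CNC` and the level labels `[CNC-0]` to `[CNC-2]` are identifiers that other sections, tables, or links targeting this heading by its text may still use, so the rename needs a check that nothing outside the touched lines still refers to `CNC`. Search the rest of the document for remaining `CNC` occurrences, and if the old label was ever circulated, consider a short "formerly RF-CNC" note under the new heading so existing references can still be resolved.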

@@ -767,9 +767,9 @@ Requirements: CRYPT, NPII, LOGG

| Risk factors | Likelihood | Security profile |
|--------------|------------|------------------|
| CNC = 2      | High       | SP-\*            |
| CNC = 1      | Medium     | none             |
| CNC = 0      | Low        | none             |
| DNC = 2      | High       | SP-\*            |
| DNC = 1      | Medium     | none             |
| DNC = 0      | Low        | none             |

_Table C.8_

@@ -895,9 +895,9 @@ Mitigations for Impact:

| Risk factors | Likelihood | Security profile |
|--------------|------------|------------------|
| CNC = 2      | High       | SP-\*            |
| CNC = 1      | Medium     | none             |
| CNC = 0      | Low        | none             |
| DNC = 2      | High       | SP-\*            |
| DNC = 1      | Medium     | none             |
| DNC = 0      | Low        | none             |

_Table C.X_
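
Review bot: The table in this hunk is row-for-row identical to Table C.8 in the previous hunk, and its caption is still the placeholder `_Table C.X_`. While these rows are being touched, assign the final table number and confirm that both sections are meant to share the same DNC-to-likelihood mapping rather than one table having been copied without adjustment.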

@@ -925,7 +925,7 @@ Mitigations for Impact:

### C.5. Mapping of use cases to risk factors and security profiles

| Use case | Description                 | CFG | AUT | DAT | FUN | ADM | RDP | CNC | SP   |
| Use case | Description                 | CFG | AUT | DAT | FUN | ADM | RDP | DNC | SP   |
|----------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|------|
| UC-1     | Individual consumer         | 1   | 0   | 0   | 0   | 2   | 2   | 2   | SP-1 |
| UC-2     | Privacy conscious household | 1   | 0   | 1   | 1   | 1   | 0   | 2   | SP-2 |
@@ -936,7 +936,7 @@ _Table C.TODO — Use cases mapped to risk factors and security profiles_

### C.6. Mapping of security profiles to risk factors

| Security profile | Description                 | CFG | AUT | DAT | FUN | ADM | RDP | CNC |
| Security profile | Description                 | CFG | AUT | DAT | FUN | ADM | RDP | DNC |
|------------------|-----------------------------|-----|-----|-----|-----|-----|-----|-----|
| SP-1             | Individual consumer         | 1   | 0   | 0   | 0   | 2   | 2   | 2   |
| SP-2             | Privacy conscious household | 1   | 0   | 1   | 1   | 1   | 2   | 2   |
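
Review bot: The SP-2 row here lists RDP = 2, while the UC-2 row in section C.5, which carries the same description and maps to SP-2, lists RDP = 0; every other column, including the renamed DNC column, agrees between the two rows. Confirm which RDP value is intended, or state in the text why a security profile's risk factor can differ from that of the use case mapped to it.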