[NordSec] Minor fixes (cf8f3509) · Commits · STAN4CRA / EN 304 620 Virtual Private Networks Part 1

EN-304-620.md

+3 −3

Original line number	Diff line number	Diff line
		@@ -618,7 +618,7 @@ Rationale: Different consequences change the impact of compromise of Personal Da

		* [PER-0] Usage is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Usage is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights
		* [PER-2] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights

		## C.3 Assumptions

		@@ -884,7 +884,7 @@ Attacker may read sensitive data transmitted without encryption in a VPN which c

		\| Risk factors \| Likelihood \| Security profiles \|
		\|-----------------------------------------\|------------\|-------------------\|
		\| CON > 0 & CFG > 0 & max(DAT, FUN) = 2) \| High \| SP-4, SP-5 \|
		\| CON > 0 & CFG > 0 & max(DAT, FUN) = 2 \| High \| SP-4, SP-5 \|
		\| all others \| Medium \| none \|
		\| CON = 0 or CFG = 0 or max(DAT, FUN) = 0 \| Low \| SP-1, SP-2, SP-3 \|

		@@ -1164,7 +1164,7 @@ Mitigations for Impact:
		\| UC-2 \| Privacy conscious household \| 1 \| 0 \| 1 \| 1 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| SP-2 \|
		\| UC-3 \| Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 1 \| 0 \| 2 \| SP-3 \|
		\| UC-4 \| Small organisation \| 2 \| 2 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 1 \| SP-4 \|
		\| UC-5 \| Large enterprise \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 2 \| 1 \| SP-4 \|
		\| UC-5 \| Large enterprise \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 2 \| 1 \| SP-5 \|

		## C.6 Security profiles

Original line number	Diff line number	Diff line
		@@ -618,7 +618,7 @@ Rationale: Different consequences change the impact of compromise of Personal Da

		* [PER-0] Usage is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Usage is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights
		* [PER-2] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights

		## C.3 Assumptions

		@@ -884,7 +884,7 @@ Attacker may read sensitive data transmitted without encryption in a VPN which c

		\| Risk factors \| Likelihood \| Security profiles \|
		\|-----------------------------------------\|------------\|-------------------\|
		\| CON > 0 & CFG > 0 & max(DAT, FUN) = 2) \| High \| SP-4, SP-5 \|
		\| CON > 0 & CFG > 0 & max(DAT, FUN) = 2 \| High \| SP-4, SP-5 \|
		\| all others \| Medium \| none \|
		\| CON = 0 or CFG = 0 or max(DAT, FUN) = 0 \| Low \| SP-1, SP-2, SP-3 \|

		@@ -1164,7 +1164,7 @@ Mitigations for Impact:
		\| UC-2 \| Privacy conscious household \| 1 \| 0 \| 1 \| 1 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| SP-2 \|
		\| UC-3 \| Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 1 \| 0 \| 2 \| SP-3 \|
		\| UC-4 \| Small organisation \| 2 \| 2 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 1 \| SP-4 \|
		\| UC-5 \| Large enterprise \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 2 \| 1 \| SP-4 \|
		\| UC-5 \| Large enterprise \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 2 \| 1 \| SP-5 \|

		## C.6 Security profiles