Update on the risk factor (ff1d59ab) · Commits · STAN4CRA / EN 304 621 Network Management Systems

EN-304-621.md

+5 −5

Original line number	Diff line number	Diff line
		@@ -216,7 +216,7 @@ For the purposes of the present document, the following terms apply:

		1. Operating System (OS): Software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals. This category includes but is not limited to real-time operating systems, general-purpose and special-purpose operating systems.
		1. Identity Provider:
		1. Service Requesting Users (SRU): These users rely on the correct functioning of the NEs that are controlled and maintained from the NMS. SRUs do not care about the connected NEs and have no interface to login to the NMS. SRUs can be both, humans or devices and all are dependent to the connected NEs. The number of NE-connected SRUs can vary from a single person up to thousands per NE device, and is in principle not limited. For clarification of the risk factors, and as regulators define the criticality of a facility operation by the number of affected SRUs for the case a NE ceased its service, its relevant for the present document.
		1. Service Requesting Users (<a name="_term_.SRU">SRU</a>): These users rely on the correct functioning of the NEs that are controlled and maintained from the NMS. SRUs do not care about the connected NEs and have no interface to login to the NMS. SRUs can be both, humans or devices and all are dependent to the connected NEs. The number of NE-connected SRUs can vary from a single person up to thousands per NE device, and is in principle not limited. For clarification of the risk factors, and as regulators define the criticality of a facility operation by the number of affected SRUs for the case a NE ceased its service, its relevant for the present document.
		1. User: This is the person having the credentials to login to the NMS to operate administrative actions to control and maintain the NE.


		@@ -376,12 +376,12 @@ The security profile requirements reflects the intented deployment of the NMS.
		The risk factors identified by the risk assessment in Annex C are grouped into risk categories and assigned unique identifiers below.
		These risks are grouped into risk categories and assigned unique identifiers below.

		- Number of affected Service Requesting Users
		- Number of affected Service Requesting Users [<a href="#_term_.SRU">SRU</a>]

		- Rationale: the affected user base should be accounted for in the risk definition
		- [AUSR-L-0] single household or a small business
		- [AUSR-L-1] medium or large sized company with possibly multiple operation sites
		- [AUSR-L-2] local CSP
		- [AUSR-L-0] single household or a small business, small ammount of SRUs
		- [AUSR-L-1] medium or large sized company with possibly multiple operation sites, medium ammount of SRUs
		- [AUSR-L-2] CSP, large ammount of SRUs

		- Complexity of managed network element implementation

Original line number	Diff line number	Diff line
		@@ -216,7 +216,7 @@ For the purposes of the present document, the following terms apply:

		1. Operating System (OS): Software products with digital elements that provide an abstract interface of the underlying hardware and control the execution of software, and that may provide services such as computing resource management and configuration, scheduling, input-output control, managing data, and providing an interface through which applications interact with system resources and peripherals. This category includes but is not limited to real-time operating systems, general-purpose and special-purpose operating systems.
		1. Identity Provider:
		1. Service Requesting Users (SRU): These users rely on the correct functioning of the NEs that are controlled and maintained from the NMS. SRUs do not care about the connected NEs and have no interface to login to the NMS. SRUs can be both, humans or devices and all are dependent to the connected NEs. The number of NE-connected SRUs can vary from a single person up to thousands per NE device, and is in principle not limited. For clarification of the risk factors, and as regulators define the criticality of a facility operation by the number of affected SRUs for the case a NE ceased its service, its relevant for the present document.
		1. Service Requesting Users (<a name="_term_.SRU">SRU</a>): These users rely on the correct functioning of the NEs that are controlled and maintained from the NMS. SRUs do not care about the connected NEs and have no interface to login to the NMS. SRUs can be both, humans or devices and all are dependent to the connected NEs. The number of NE-connected SRUs can vary from a single person up to thousands per NE device, and is in principle not limited. For clarification of the risk factors, and as regulators define the criticality of a facility operation by the number of affected SRUs for the case a NE ceased its service, its relevant for the present document.
		1. User: This is the person having the credentials to login to the NMS to operate administrative actions to control and maintain the NE.


		@@ -376,12 +376,12 @@ The security profile requirements reflects the intented deployment of the NMS.
		The risk factors identified by the risk assessment in Annex C are grouped into risk categories and assigned unique identifiers below.
		These risks are grouped into risk categories and assigned unique identifiers below.

		- Number of affected Service Requesting Users
		- Number of affected Service Requesting Users [<a href="#_term_.SRU">SRU</a>]

		- Rationale: the affected user base should be accounted for in the risk definition
		- [AUSR-L-0] single household or a small business
		- [AUSR-L-1] medium or large sized company with possibly multiple operation sites
		- [AUSR-L-2] local CSP
		- [AUSR-L-0] single household or a small business, small ammount of SRUs
		- [AUSR-L-1] medium or large sized company with possibly multiple operation sites, medium ammount of SRUs
		- [AUSR-L-2] CSP, large ammount of SRUs

		- Complexity of managed network element implementation

Admin message