@@ -475,7 +475,7 @@ Users of a SIEM system include:
## 4.10 Distribution of security functions
## 4.10.1 Security functions provided outside the product
### 4.10.1 Security functions provided outside the product
Security functions provided by other components of a system to a SIEM product may include:
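Review bot: The heading-level change for 4.10.1 (## to ###) is the right fix, since 4.10 itself is a level-2 heading and 4.10.1 is its subsection; with the list introduced by "Security functions provided by other components of a system to a SIEM product may include:" now sitting under a proper subsection, it would help to state whether the SIEM product is expected to rely on these externally provided functions as-is or to verify that they are actually in place, because the current wording leaves that requirement open.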
@@ -487,7 +487,7 @@ Security functions provided by other components of a system to a SIEM product ma
- Authorization
- Availability
## 4.10.2 Security functions provided to other products
### 4.10.2 Security functions provided to other products
Security functions a SIEM product may provide to other components of the system may include:
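Review bot: Same heading-level fix for 4.10.2 as for 4.10.1; since these two hunks only touch 4.10.1 and 4.10.2, check that any other 4.10.x subsections in the document are demoted to ### in the same change so the section tree stays consistent.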
@@ -581,6 +581,17 @@ This section shall have:
## C.1 Assets
**Incident response capability**
- ability to detect, diagnose, and remediate outages
**Network inventory and topology**
- network inventory
- network topology
- network segmentation policies
- firewall rules
### C.1.1 Data
- Credentials
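Review bot: The two new C.1 Assets entries are not structured alike: "Incident response capability" has a single sub-bullet that describes the capability ("ability to detect, diagnose, and remediate outages"), whereas "Network inventory and topology" lists four separate assets; either split the former into its parts (detection, diagnosis, remediation of outages) or collapse the latter so the list reads uniformly. Also, "network segmentation policies" and "firewall rules" are configuration data rather than inventory, so consider whether they belong under C.1.1 Data next to "Credentials" instead.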
@@ -637,6 +648,23 @@ This section shall have:
>
> Assumptions may vary by use case. For example, for a VPN, if the use case is protecting from a state actor, then you must assume focused, specific surveillance of all of the user's network traffic. If the use case is downloading a TV show only available in another country, you can assume that no one is analyzing the user's traffic.
- Proper operating system
- **Rationale:** A SIEM system requires a trustworthy operating system to perform its functions.
- [A-POS-L-1]: The operating system is assumed to be trustworthy.
- [A-POS-L-2]: The operating system provides and enforces process isolation
- Proper administrator
- **Rationale:** A SIEM system requires effective administration to perform its functions.
- [A-PA-L-1]: The administrator is assumed to be trustworthy.
- [A-PA-L-2]: The administrator is limited to protect against accidental misconfiguration.
- [A-PA-L-3]: The administrator is severely limited to protect against intentional misconfiguration.
- Not being attacked by a state actor
- Not using sophisticated or expensive hardware snooping techniques
- No secret hardware backdoors
## C.4 Risk assessments of threats
> For each threat identified above, use likelihood and magnitude of the threat to assess its risk in the context of use cases. The results should be consistent with the mapping of use cases to security profiles.
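Review bot: The new administrator assumptions conflict as written: [A-PA-L-1] assumes the administrator is trustworthy, yet [A-PA-L-3] limits the administrator "to protect against intentional misconfiguration", which is only needed if the administrator is not trusted; likewise [A-PA-L-2] ("limited") and [A-PA-L-3] ("severely limited") cannot both hold at once. If these are alternative assumptions selected per security profile, as the quoted note "Assumptions may vary by use case" suggests, say so explicitly and indicate which profile each applies to. Minor points: [A-POS-L-2] is missing its terminal period, and the items that follow the new entries ("Not being attacked by a state actor", "Not using sophisticated or expensive hardware snooping techniques", "No secret hardware backdoors") carry no rationale or identifier, so if they are assumptions of the same kind they should get the same Rationale/[A-...] structure.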