Commit 58722b82 authored by Valerie Aurora

Add security profiles

parent e61cec22
+26 −10
@@ -312,25 +312,41 @@ For each SIEM system placed on the market, the manufacturer shall develop a thre

#### 4.5.1.5 Physical Access by Threat Actors to System

**[PHYS]**: Manufacturers of SIEM systems may implement protective measures to mitigate physical access based threats to the device.
**[PHY]**: Manufacturers of SIEM systems may implement protective measures to mitigate physical access based threats to the device.

* PHYS-0: only used in environments with authorized users
* PHYS-1: may be incidentally exposed to untrusted users
* PHYS-2: used primarily by untrusted users, e.g. the general public
* PHY-0: only used in environments with authorized users
* PHY-1: may be incidentally exposed to untrusted users
* PHY-2: used primarily by untrusted users, e.g. the general public

#### 4.5.1.6 Support Period

**[SUPP]**: Manufacturers shall implement protections and implement safeguards appropriate to the support period of a SIEM System
**[SUP]**: Manufacturers shall implement protections and implement safeguards appropriate to the support period of a SIEM System

* SUPP-0: Support period of less than five years.
* SUPP-1: Support period of five to ten years.
* SUPP-2: Support period of ten years or longer.
* SUP-0: Support period of less than five years.
* SUP-1: Support period of five to ten years.
* SUP-2: Support period of ten years or longer.

### 4.5.2 Mapping of Use Cases to Risk Factors

## 4.6 Security Levels
| Use case                                    | COM | EXP | ADM | ISO | PHY | SUP | Sec Pro |
|---------------------------------------------|-----|-----|-----|-----|-----|-----|---------|
| UC-OP-1 On Premises SIEM system             | 0-2 | 0-3 |   2 |   0 | 0-2 |   2 | SP-OP-1 |
| UC-OP-2 On Premises MSSP system             | 0-2 |   3 |   1 |   1 | 0-2 |   1 | SP-OP-2 |
| UC-RS-1 Cloud Based System                  | 0-2 |   3 |   1 |   1 | 0-2 |   1 | SP-RS-1 |
| UC-RS-2 Manufacturer operated SIEM service  | 0-2 |   3 |   0 |   2 | 0-2 |   1 | SP-RS-2 |

Security levels are a resource to the manufacturer. Each security level is associated with a collection of levels of risk factors. Security levels will be mapped to specific mitigations for each security requirements necessary to treat the risk.
## 4.6 Security Profiles

Security profiles are a resource to the manufacturer. Each security profile is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each security requirements necessary to treat the risk.

| Sec Pro | COM | EXP | ADM | ISO | PHY | SUP |
|---------|-----|-----|-----|-----|-----|-----|
| SP-OP-1 | 2   |   3 |   2 |   0 |   2 |   2 |
| SP-OP-2 | 2   |   3 |   1 |   1 |   2 |   1 |
| SP-RS-1 | 2   |   3 |   1 |   1 |   2 |   1 |
| SP-RS-2 | 2   |   3 |   0 |   2 |   2 |   1 |

Note: Potentially COM, EXP, and PHY can all be assumed to require the highest risk level mitigation in all products, and therefore can be left out of the use case and security profile analysis.

## 4.7 Essential functions
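
Review bot: In the new 4.6 table, every COM, EXP and PHY range from the 4.5.2 mapping (0-2, 0-3, 0-2) is resolved to its upper bound (2, 3, 2), but the rule is never stated; the only hint is the trailing Note, which is hedged as "Potentially COM, EXP, and PHY can all be assumed to require the highest risk level mitigation". Suggest stating in the 4.6 paragraph that a profile takes the highest level of the use case's range, and then settling whether COM, EXP and PHY stay in both tables or are dropped as the Note proposes, since the tables currently carry them while the Note says they can be left out. SP-OP-2 and SP-RS-1 also end up with identical rows (2, 3, 1, 1, 2, 1), so either merge them or say what distinguishes them. Minor: "for each security requirements" should read "for each security requirement", and the PHYS to PHY and SUPP to SUP renames should be checked against any references to those tags outside this hunk.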