@@ -173,21 +173,17 @@ The following referenced documents may be useful in implementing an ETSI deliver
This section provides terms and definitions based on CEN/CLC JTC13 WG09's work on terms and definitions, terms and definitions provided by ETSI EN 303 645/TS 103 701 and terms and definitions provided by CEN/CLC EN 18031 series.
For the purposes of the present document, the [following] terms [given in ... and the following] apply:
For the purposes of the present document, the following terms apply:
1.**Security information and event managment systems**: Software, hardware or a remote data processing solution (a service) that collects, analyzes, and reports security data from multiple sources to the user.
2.**Managed Security Service Provider**: A third party or manufacturer service that provides some or all SIEM functions to a customer thorugh a remote data processing solution and client application.
**Security information and event managment systems:** Software, hardware or a remote data processing solution (a service) that collects, analyzes, and reports security data from multiple sources to the user.
**Managed Security Service Provider:** A third party or manufacturer service that provides some or all SIEM functions to a customer thorugh a remote data processing solution and client application.
## 3.2 Symbols
## 3.2 Abbreviations
For the purposes of the present document, the [following] symbols [given in ... and the following] apply:
For the purposes of the present document, the following abbreviations apply:
## 3.3 Abbreviations
For the purposes of the present document, the [following] abbreviations [given in ... and the following] apply:
1.**SIEM**: Security information and event management system
2.**MSSP**: Managed Security Services Provider
**SIEM:** Security information and event management system
**MSSP:** Managed Security Services Provider
# 4 Product context
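Review bot: The SIEM and MSSP definition lines still carry the misspellings "managment" and "thorugh", and sections 3.1 and the abbreviations list disagree on the expanded forms. The term is given as "Security information and event managment systems" (plural) and "Managed Security Service Provider", while the abbreviations read "Security information and event management system" and "Managed Security Services Provider". Pick one spelling and one number for each and use it in both places, so that later requirements referring to SIEM and MSSP resolve to a single defined term.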
@@ -265,11 +261,9 @@ _When you have many use cases, group them into 3 - 5 levels of risk. These will
* Software and data are remotely stored by Manufacturer or other MSSP.
* Consumer manages and operates SIEM system internally using own staff
* UC-RS-2 Manufacturer operated SIEM service with consumer portal
* All SIEM functions performed remotely by MSSP or manufacturer
## 4.5 Risk Factors
For each SIEM system placed on the market, the manufacturer shall develop a threat model and risk profile based on the intended purpose and reasonably foreseeable use of the SIEM system. Risk factors are specific elements of a product's intended or reasonably foreseeable use that are linked to or allow specific threats. Risk factors are one part of creating a product's risk profile. They define specific security requirements and mitigations that a the manufacturer will need to apply to a product and collectively define the product's security level.
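Review bot: In the 4.5 Risk Factors paragraph, "mitigations that a the manufacturer will need to apply" has a stray article and should read "that the manufacturer will need to apply". The use-case bullets in this hunk say "Consumer manages and operates SIEM system" and "consumer portal", whereas the definitions in 3.1 speak of "the user" and "a customer"; choose one word for that party so the use cases and the definitions name the same actor.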
@@ -317,7 +311,7 @@ For each SIEM system placed on the market, the manufacturer shall develop a thre
* PHYS-1: may be incidentally exposed to untrusted users
* PHYS-2: used primarily by untrusted users, e.g. the general public
#### 4.5.1.x Support Period
#### 4.5.1.6 Support Period
**[SUPP]**: Manufacturers shall implement protections and implement safeguards appropriate to the support period of a SIEM System
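Review bot: The [SUPP] statement under 4.5.1.6 reads "shall implement protections and implement safeguards", which states one obligation twice without saying how protections and safeguards differ; reduce it to a single verb and object or define the distinction. The same line writes "SIEM System" where the rest of the text uses "SIEM system", and it has no terminating full stop.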
@@ -325,8 +319,6 @@ For each SIEM system placed on the market, the manufacturer shall develop a thre
* SUPP-1: Support period of five to ten years.
* SUPP-2: Support period of ten years or longer.
#### 4.5.1.x
### 4.5.2 Mapping of Use Cases to Risk Factors
## 4.6 Security Levels
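Review bot: SUPP-1 ("five to ten years") and SUPP-2 ("ten years or longer") both include a support period of exactly ten years, so a product with that period maps to two levels; make one of the bounds exclusive. In the lines shown, "### 4.5.2 Mapping of Use Cases to Risk Factors" is followed directly by "## 4.6 Security Levels" with no body text, so with the empty "#### 4.5.1.x" heading gone the mapping section is the remaining gap and needs either content or an explicit note that it is still to be written.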
@@ -354,12 +346,6 @@ The essential functions of all SIEM systems are to collect, analyze and report o
* Provides reports for compliance purposes
* Alerts user of potential security threats or other anomolies
_List the essential functions of the product, including:_
* _What it does during its intended or reasonably foreseeble use_
* _How its functions are configured_
* _How it keeps itself secure and functioning_
## 4.8 Operational Environment
_Describe the expected operating environment given the exclusions in Section 4.2. This includes:_
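Review bot: "anomolies" in the last essential-functions bullet should be "anomalies". The italic template guidance under the essential functions list asks for how functions are configured and how the product keeps itself secure and functioning, while the bullets visible in this hunk cover only compliance reporting and alerting; confirm the list addresses those two points before the guidance is dropped. Section 4.8 still opens with template guidance of the same kind ("_Describe the expected operating environment given the exclusions in Section 4.2."), so it needs the same treatment for the two sections to be consistent.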