Commit 042791c3 authored by August Bournique, committed by Santeri Toikka

Change to Main for HAS Comment 61

Issue #100

Partial adoption of comment - retained need to document method for identification of interfaces and clarified need to compare lists of exposed interfaces and to document all aspects of process.

"* Preparation: List all types of interfaces on the product that may be exposed to an attacker, whether enabled or disabled. For each type of interface, list all exposed interfaces of that type, and document the method or methods used to create and verify these lists. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct exposed interface in each state, describe the interface and why it has to be enabled by default.

  * Activities: Using the list of types of interfaces, the list of states of the product, list all exposed interfaces in each state, and document the method or methods used to create and verify this list. Compare the list of exposed interfaces by state to the documented list by type."
parent 3aa15924
+2 −2
@@ -1271,9 +1271,9 @@ All exposed interfaces on the product in any state that is part of its reasonabl


  * Objective: Limit attack surface
  * Objective: Limit attack surface


  * Preparation: List all types of interfaces on the product that may be exposed to an attacker, whether enabled or disabled. For each type of interface, identify a method to list all exposed interfaces of that type. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct exposed interface in each state, describe the interface and why it has to be enabled by default.
  * Preparation: List all types of interfaces on the product that may be exposed to an attacker, whether enabled or disabled. For each type of interface, list all exposed interfaces of that type, and document the method or methods used to create and verify these lists. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct exposed interface in each state, describe the interface and why it has to be enabled by default.


  * Activities: Using the list of types of interfaces, the list of states of the product, and the method to list all exposed interfaces of that type, list all exposed interfaces in each state. Compare to the documented list.
  * Activities: Using the list of types of interfaces, the list of states of the product, list all exposed interfaces in each state, and document the method or methods used to create and verify this list. Compare the list of exposed interfaces by state to the documented list by type.


  * Verdict: All discovered interfaces are documented, including rationale => PASS, otherwise => FAIL
  * Verdict: All discovered interfaces are documented, including rationale => PASS, otherwise => FAIL
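
Review bot: In the new Activities line, dropping the third list item left "the list of states of the product, list all exposed interfaces in each state" without a conjunction, so the sentence no longer parses cleanly; suggest "Using the list of types of interfaces and the list of states of the product, list all exposed interfaces in each state". The unchanged Verdict still passes on "All discovered interfaces are documented, including rationale" alone, so the newly added requirement to document the method or methods used to create and verify the lists has no effect on PASS/FAIL; consider adding it to the Verdict. It would also help to state what the comparison of the by-state list to the documented by-type list should conclude when an interface appears in one list but not the other.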