Commit 0af9be32 authored by Valerie Aurora

Use new threat assessment for known exploitable vulnerabilities

parent 590fa24f
+63 −27
@@ -1519,27 +1519,27 @@ This clause lists all the mitigations necessary to meet requirements for each se

### 5.3.1 Wired network interface risk mitigation sets

SP-WD-1: KEVD, SCFS, SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG, VULH
SP-WD-1: SCFS, SUDC, (SUVP or SUOE), (NTFY or WDOG), LOGG

SP-WD-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), PDDI-1, PDDI-4, ADEF, DPAH,  SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), PDDI-1, PDDI-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH

SP-WD-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG, VULH
SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, (NTFY or WDOG), JSTY, LOGG, VULH

SP-WD-4: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH

### 5.3.2 Wireless network interface risk mitigation sets

SP-WL-1: KEVD, SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, VULH
SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-WL-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, VULH
SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-WL-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, VULH
SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

### 5.3.3 Virtual network interface risk mitigation sets

SP-VI-1: KEVD, SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, VULH
SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-VI-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR, VULH
SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR, VULH

# 6 Conformity Assessment
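
Review bot: The new SP-WD-2 line in 5.3.1 still reads `DJST, WDOG, JSTY, LOGG` with no NTFY, while SP-WD-4 and SP-VI-2 both gain NTFY in this change. The new C.4.3.1 impact table rates WD-2, WD-4 and VI-2 as High, and its "High to Low" list is DJST, NTFY, WDOG, LOGG, so SP-WD-2 should get NTFY as well. Two related gaps: KEVM appears in the C.4.3.1 likelihood mitigations and in its "Mitigations required" entries for SP-WD-2 and SP-WD-3, but in none of the 5.3.x sets; and SP-WD-1 loses VULH along with KEVD, although VULH is not one of the TH-KEVU mitigations. If VULH is dropped because of another threat's assessment, say so in the commit message; otherwise restore it. As a style point, `IMSL or (MSAF-\*, MZRO-\*)` and `RSET or INST or DELE` are still unparenthesized next to the newly parenthesized `(NTFY or WDOG)`; grouping them the same way would remove the precedence ambiguity.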

@@ -1824,7 +1824,7 @@ Type: Affects impact of attack.

### C.4.1 General

The approach to listing threats is to separate them by mitigation so that they may be associated with risk factors more directly.
The approach to listing threats is to separate them by mitigation so that they may be associated with mitigations more directly.

For the purposes of the list of threats, the product includes:
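
Review bot: The reworded sentence in C.4.1 is now circular: threats are separated "by mitigation so that they may be associated with mitigations". If the intent is that each threat entry now carries its own mitigation list, state the grouping key explicitly (for example, by the vulnerability class the threat exploits) and keep "associated with mitigations" as the purpose.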

@@ -1832,33 +1832,69 @@ For the purposes of the list of threats, the product includes:
  * the device driver (if any)
  * the virtual network interface (if any)

### C.4.2 Risk assessment methodology

Risk factor levels for each security profile are determined by reading the descriptions for each risk factor level and choosing the one that most accurately represents the highest risk for the intended purpose and reasonably foreseeable use and misuse of the product, as specified by the manufacturer.

For each threat, a formula based on the risk factor levels is used to calculate the Likelihood and Impact of the threat, on a scale of Low, Medium, and High.

For each threat, both likelihood and impact must be Low before the risk is considered sufficiently mitigated. If the calculated levels are not already Low, then mitigations must be applied until they are both Low. The mitigation sets that will accomplish this are listed in each threat description.

The risk factors by type are:

Likelihood: PHY SFT NET COM ADM LIS
  * Likelihood: PHY SFT NET COM ADM LIS

Impact: SYS SDS SDT FUN INT DOS
  * Impact: SYS SDS SDT FUN INT DOS

For each threat, a table shows how to use the risk factors to calculate the level of likelihood or impact. The levels are Low, Medium, or High.
The mitigations that reduce risk by type are:

### C.4.3 List of threats and risk assessments
  * Likelihood: KEVD, KEVM, KEVA, KEVT, SCAN, SCFS, SSCA, FZ95, BTIN, IMSL, MSAF-\*, MZRO-\*, ADEF, DPAH, PDDI-\*, SUDC, SUVP, SUOE, SUAP, SUAO, CDTX, JSTY, RSET, INST, DELE, VULH

#### C.4.3.1 Known exploitable vulnerabilities
  * Impact: IMSL, DCTX, DJST, IDST, NTFY, WDOG, LOGG, SDRF, SDTR

**[TH-KEVU]:** Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.
### C.4.3 List of threats, risk assessments, and mitigations

| Risk factors                                  | Likelihood |
|-----------------------------------------------|------------|
| max(PHYS, SFT, NET) > 1 & COM > 1 & ADM > 0   | High       |
| all others                                    | Medium     |
| max(PHYS, SFT, NET) < 1 or COM = 0 or ADM = 0 | Low        |
#### C.4.3.1 Known exploitable vulnerabilities at first use

| Risk factors                     | Impact |
|----------------------------------|--------|
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium |
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    |
**[TH-KEVU]:** Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets when the product is first used.

| Risk factors                                  | Likelihood | Security profiles            |
|-----------------------------------------------|------------|------------------------------|
| max(PHYS, SFT, NET) < 1 or COM < 1 or ADM < 1 | Low        | WD-1                         |
| all others                                    | Medium     | WD-2, WD-3, WD-4, WL-1, VI-1 |
| max(PHYS, SFT, NET) = 2 & COM > 1 & ADM > 1   | High       | WL-2, WL-3, VI-2             |

| Risk factors                     | Impact | Security profiles       |
|----------------------------------|--------|-------------------------|
| max(SYS, SDS, SDT, FUN, DOS) = 0 | Low    | none                    |
| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-\*, VI-1 |
| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, VI-2        |

Requirements that mitigate this threat: NKEV, SSDD, LMII, LMAS, LOGG

Mitigations for Likelihood:

* Medium to Low: (KEVD or KEVA or KEVT or SCAN), KEVM, SCFS, SSCA, ADEF, DPAH, PDDI-\*

* High to Low: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), MSAF-\*, MZRO-\*, ADEF, DPAH, PDDI-\*, JSTY

Mitigations for Impact:

* Medium to Low: (NTFY or WDOG), LOGG

* High to Low: DJST, NTFY, WDOG, LOGG

Mitigations required

SP-WD-1: none

SP-WD-2: KEVD or KEVA or KEVT or SCAN, KEVM, SCFS, SSCA, ADEF, DPAH, PDDI-\*, DJST, NTFY, WDOG, LOGG

SP-WD-3: KEVD or KEVA or KEVT or SCAN, KEVM, SCFS, SSCA, ADEF, DPAH, PDDI-\*, NTFY, LOGG

[etc]

Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG, VULH
#### C.4.3.1 Unknown exploitable vulnerabilities

**[TH-UEVU]:** Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.
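
Review bot: "SP-WD-1: none" under "Mitigations required" contradicts the methodology in C.4.2, which requires both likelihood and impact to be Low. The new impact table puts WD-1 at Medium, so by the "Medium to Low" impact list SP-WD-1 needs (NTFY or WDOG), LOGG, which is also what the 5.3.1 set for SP-WD-1 contains. Other points in this hunk: the "High to Low" likelihood list omits KEVM although "Medium to Low" requires it, and it requires MSAF-\*, MZRO-\* outright where the 5.3.x sets allow IMSL as an alternative; the likelihood table uses PHYS while the risk factor list names PHY; SP-WD-3 is given `NTFY, LOGG` where the Medium impact rule allows (NTFY or WDOG); the `[etc]` placeholder leaves SP-WD-4 and the WL and VI profiles unspecified; and the "Unknown exploitable vulnerabilities" heading reuses the number C.4.3.1. Please also confirm whether the trailing "Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG, VULH" line is meant to remain next to the new "Requirements that mitigate this threat" line, since the two lists differ.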