Add new risk factors to use case tables (1497b98a) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+25 −39

Original line number	Diff line number	Diff line
		@@ -602,8 +602,6 @@ Measures the degree of access to the host system assets, such as memory, other d
		* [SYS-L-0] Limited access or access mediated by host software to host system resources
		* [SYS-L-1] Extensive access to host system resources

		FIXME update use case/profile for above risk factor

		[REM] Use of network interface for administration

		Affects impact.
		@@ -613,8 +611,6 @@ Measures how critical the network interface functions are for administration of
		* [REM-L-0] Foreseeable use is as secondary administrative interface
		* [REM-L-1] Foreseeable use is as primary administrative interface

		FIXME update use case/profile for above risk factor

		[DAT] Sensitivity of data stored

		Affects impact.
		@@ -623,8 +619,6 @@ Affects impact.
		* [DAT-L-1] Moderately important data
		* [DAT-L-2] Critical data

		FIXME update use case/profile for above risk factor

		[FUN] Sensitivity of functions

		Affects impact
		@@ -633,17 +627,13 @@ Affects impact
		* [FUN-L-1] Moderately important functions
		* [FUN-L-2] Critical functions

		FIXME update use case/profile for above risk factor

		[CON] Connectivity to other devices

		Affects impact

		* [CON-L-0] Little to no connectivity to other devices
		* [CON-L-1] Connected to a few devices on a private network
		* [CON-L-2] Connected to a public network

		FIXME update use case/profile for above risk factor
		* [CON-L-1] Connected to a few devices
		* [CON-L-2] Connected to many devics

		[INT] Integration in device

		@@ -653,43 +643,39 @@ Affects impact
		* [INT-L-1] Connected via internal adapter requiring disassembly to change
		* [INT-L-2] Fully integrated and cannot be removed from device

		FIXME update use case/profile for above risk factor

		??? Something about persistence

		### 4.5.2 Mapping of use cases to risk factors and security profiles

		#### 4.5.2.1 Wired network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WD-1 Wired enterprise device in isolated internal infrastructure \| L-0 \| L-0 \| L-1 \| L-0 \| SP-WD-1 \|
		\| UC-WD-2 Wired enterprise internal infrastructure device \| L-0 \| L-1 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-3 Wired enterprise edge device or internet infrastructure \| L-0 \| L-2 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-4 Wired enterprise worker device on internal network \| L-1 \| L-1 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-5 Wired stationary home device \| L-2 \| L-1 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-6 Wired stationary home gateway \| L-0 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-7 Wired stationary public server \| L-3 \| L-2 \| L-1 \| L-0 \| SP-WD-2 \|
		\| UC-WD-8 Wired stationary device for public use \| L-3 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-9 Wired mobile device \| L-2 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WD-1 \| 0 \| 0 \| 1 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-2 \| 0 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-3 \| 0 \| 2 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-4 \| 1 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-5 \| 2 \| 1 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-6 \| 0 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-7 \| 3 \| 2 \| 1 \| 0 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-8 \| 3 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-9 \| 2 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|

		#### 4.5.2.2 Wireless network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WL-1 Wireless mobile enterprise worker device \| L-1 \| L-2 \| L-3 \| L-0 \| SP-WL-1 \|
		\| UC-WL-2 Wireless stationary home device \| L-2 \| L-1 \| L-3 \| L-1 \| SP-WL-1 \|
		\| UC-WL-3 Wireless stationary device for public use \| L-3 \| L-2 \| L-3 \| L-1 \| SP-WL-2 \|
		\| UC-WL-4 Wireless mobile personal device \| L-2 \| L-2 \| L-3 \| L-1 \| SP-WL-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WL-1 \| 1 \| 2 \| 3 \| 0 \| 1 \| 0 \| 1 \| 1 \| 2 \| 1 \| SP-WL-1A\|
		\| UC-WL-2 \| 2 \| 1 \| 3 \| 1 \| 1 \| 1 \| 0 \| 0 \| 0 \| 2 \| SP-WL-1 \|
		\| UC-WL-3 \| 3 \| 2 \| 3 \| 1 \| \| \| \| \| \| \| SP-WL-2 \|
		\| UC-WL-4 \| 2 \| 2 \| 3 \| 1 \| \| \| \| \| \| \| SP-WL-2 \|

		#### 4.5.2.3 Virtual network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-VI-1 Virtual interface for internal use \| L-2 \| L-0 \| L-0 \| L-1 \| SP-VI-1 \|
		\| UC-VI-2 Virtual interface for external use on private device \| L-2 \| L-2 \| L-2 \| L-1 \| SP-VI-2 \|
		\| UC-VI-3 Virtual interface for external use on enterprise device \| L-1 \| L-1 \| L-2 \| L-0 \| SP-VI-2 \|
		\| UC-VI-4 Virtual interface for external use on public server \| L-3 \| L-2 \| L-2 \| L-0 \| SP-VI-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-VI-1 \| 2 \| 0 \| 0 \| 1 \| \| \| \| \| \| \| SP-VI-1 \|
		\| UC-VI-2 \| 2 \| 2 \| 2 \| 1 \| \| \| \| \| \| \| SP-VI-2 \|
		\| UC-VI-3 \| 1 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-VI-2 \|
		\| UC-VI-4 \| 3 \| 2 \| 2 \| 0 \| \| \| \| \| \| \| SP-VI-2 \|

		## 4.6 Security profiles

Original line number	Diff line number	Diff line
		@@ -602,8 +602,6 @@ Measures the degree of access to the host system assets, such as memory, other d
		* [SYS-L-0] Limited access or access mediated by host software to host system resources
		* [SYS-L-1] Extensive access to host system resources

		FIXME update use case/profile for above risk factor

		[REM] Use of network interface for administration

		Affects impact.
		@@ -613,8 +611,6 @@ Measures how critical the network interface functions are for administration of
		* [REM-L-0] Foreseeable use is as secondary administrative interface
		* [REM-L-1] Foreseeable use is as primary administrative interface

		FIXME update use case/profile for above risk factor

		[DAT] Sensitivity of data stored

		Affects impact.
		@@ -623,8 +619,6 @@ Affects impact.
		* [DAT-L-1] Moderately important data
		* [DAT-L-2] Critical data

		FIXME update use case/profile for above risk factor

		[FUN] Sensitivity of functions

		Affects impact
		@@ -633,17 +627,13 @@ Affects impact
		* [FUN-L-1] Moderately important functions
		* [FUN-L-2] Critical functions

		FIXME update use case/profile for above risk factor

		[CON] Connectivity to other devices

		Affects impact

		* [CON-L-0] Little to no connectivity to other devices
		* [CON-L-1] Connected to a few devices on a private network
		* [CON-L-2] Connected to a public network

		FIXME update use case/profile for above risk factor
		* [CON-L-1] Connected to a few devices
		* [CON-L-2] Connected to many devics

		[INT] Integration in device

		@@ -653,43 +643,39 @@ Affects impact
		* [INT-L-1] Connected via internal adapter requiring disassembly to change
		* [INT-L-2] Fully integrated and cannot be removed from device

		FIXME update use case/profile for above risk factor

		??? Something about persistence

		### 4.5.2 Mapping of use cases to risk factors and security profiles

		#### 4.5.2.1 Wired network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WD-1 Wired enterprise device in isolated internal infrastructure \| L-0 \| L-0 \| L-1 \| L-0 \| SP-WD-1 \|
		\| UC-WD-2 Wired enterprise internal infrastructure device \| L-0 \| L-1 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-3 Wired enterprise edge device or internet infrastructure \| L-0 \| L-2 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-4 Wired enterprise worker device on internal network \| L-1 \| L-1 \| L-2 \| L-0 \| SP-WD-1 \|
		\| UC-WD-5 Wired stationary home device \| L-2 \| L-1 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-6 Wired stationary home gateway \| L-0 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-7 Wired stationary public server \| L-3 \| L-2 \| L-1 \| L-0 \| SP-WD-2 \|
		\| UC-WD-8 Wired stationary device for public use \| L-3 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| UC-WD-9 Wired mobile device \| L-2 \| L-2 \| L-0 \| L-1 \| SP-WD-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WD-1 \| 0 \| 0 \| 1 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-2 \| 0 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-3 \| 0 \| 2 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-4 \| 1 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-WD-1 \|
		\| UC-WD-5 \| 2 \| 1 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-6 \| 0 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-7 \| 3 \| 2 \| 1 \| 0 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-8 \| 3 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|
		\| UC-WD-9 \| 2 \| 2 \| 0 \| 1 \| \| \| \| \| \| \| SP-WD-2 \|

		#### 4.5.2.2 Wireless network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WL-1 Wireless mobile enterprise worker device \| L-1 \| L-2 \| L-3 \| L-0 \| SP-WL-1 \|
		\| UC-WL-2 Wireless stationary home device \| L-2 \| L-1 \| L-3 \| L-1 \| SP-WL-1 \|
		\| UC-WL-3 Wireless stationary device for public use \| L-3 \| L-2 \| L-3 \| L-1 \| SP-WL-2 \|
		\| UC-WL-4 Wireless mobile personal device \| L-2 \| L-2 \| L-3 \| L-1 \| SP-WL-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WL-1 \| 1 \| 2 \| 3 \| 0 \| 1 \| 0 \| 1 \| 1 \| 2 \| 1 \| SP-WL-1A\|
		\| UC-WL-2 \| 2 \| 1 \| 3 \| 1 \| 1 \| 1 \| 0 \| 0 \| 0 \| 2 \| SP-WL-1 \|
		\| UC-WL-3 \| 3 \| 2 \| 3 \| 1 \| \| \| \| \| \| \| SP-WL-2 \|
		\| UC-WL-4 \| 2 \| 2 \| 3 \| 1 \| \| \| \| \| \| \| SP-WL-2 \|

		#### 4.5.2.3 Virtual network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| Sec Pro \|
		\|---------------------------------------------------------------------\|-----\|-----\|-----\|-----\|---------\|
		\| UC-VI-1 Virtual interface for internal use \| L-2 \| L-0 \| L-0 \| L-1 \| SP-VI-1 \|
		\| UC-VI-2 Virtual interface for external use on private device \| L-2 \| L-2 \| L-2 \| L-1 \| SP-VI-2 \|
		\| UC-VI-3 Virtual interface for external use on enterprise device \| L-1 \| L-1 \| L-2 \| L-0 \| SP-VI-2 \|
		\| UC-VI-4 Virtual interface for external use on public server \| L-3 \| L-2 \| L-2 \| L-0 \| SP-VI-2 \|
		\| Use case \| LOC \| NET \| COM \| ADM \| SYS \| REM \| DAT \| FUN \| CON \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-VI-1 \| 2 \| 0 \| 0 \| 1 \| \| \| \| \| \| \| SP-VI-1 \|
		\| UC-VI-2 \| 2 \| 2 \| 2 \| 1 \| \| \| \| \| \| \| SP-VI-2 \|
		\| UC-VI-3 \| 1 \| 1 \| 2 \| 0 \| \| \| \| \| \| \| SP-VI-2 \|
		\| UC-VI-4 \| 3 \| 2 \| 2 \| 0 \| \| \| \| \| \| \| SP-VI-2 \|

		## 4.6 Security profiles