Commit 1825d805 authored by Valerie Aurora

Rename/tweak SDEF requirements

parent 3a4550cd
+18 −18
@@ -917,21 +917,21 @@ Guidance: This requirement gives the user or integrator of the product the neces
  * Verdict: If every interface discovered is listed in the documentation and has the required information => PASS, otherwise => FAIL
  * Evidence: Method to list all interfaces accessible from the host, list of interfaces discovered, documentation of assets

#### 5.2.X.x **MI-SDEE-1**: Document physical access to debug interfaces
#### 5.2.X.x **MI-PDDI-1**: Document how to protect access to debug/management interfaces

All debug/management interfaces accessible to someone with physical access to the product shall be documented as to how to protect or disable them.
All debug/management interfaces on the product shall be documented as to how to protect or disable them.

Guidance: This is for the use case of selling to an integrator.

  * Applicability: Physical network interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Examine the documentation for how to protect or disable the physically accessible debug/management interfaces of the product
  * Activities: Examine the product for undocumented physical management interfaces, then follow the instructions in the documentation to disable or protect each documented interface, then attempt to access the interface without authorization
  * Verdict: All physical debug or management interfaces are documented as to how to disable or protect them, and no interfaces are accessible without authorization after following the documentation t protect or disable them => PASS, otherwise => FAIL
  * Preparation: Examine the documentation for how to protect or disable the debug/management interfaces of the product
  * Activities: Examine the product for undocumented debug/management interfaces, then follow the instructions in the documentation to disable or protect each documented interface, then attempt to access the interface without authorization
  * Verdict: All debug/management interfaces are documented as to how to disable or protect them, and no interfaces are accessible without authorization after following the documentation to protect or disable them => PASS, otherwise => FAIL
  * Evidence: Pictures of the product, list of discovered interfaces, comparison with documentation, notes as to which are documented how to disable/protect, logs of protect/disable actions, logs of attempts to access interfaces after protected or disabled

#### 5.2.X.x **MI-SDEE-2**: Protect or disable physical access to debug interfaces
#### 5.2.X.x **MI-PDDI-2**: Protect or disable physical access to debug/management interfaces

All debug/management interfaces accessible to someone with physical access to the product shall be protected or disabled by default, unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it.

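Review bot: the PDDI-1 requirement sentence is broadened here from interfaces "accessible to someone with physical access" to "All debug/management interfaces on the product", but the metadata under it still describes only the physical case: `* Applicability: Physical network interface` and the Evidence line's `Pictures of the product`. Either widen Applicability (PDDI-3 and PDDI-4 carry no Applicability line at all) and generalize the evidence list so it also covers host-local and network interfaces, or keep PDDI-1 scoped to physical interfaces and leave the title as it was. The one-line Guidance ("selling to an integrator") would also benefit from saying that the tester follows the documented instructions from the integrator's perspective, since that is the stated use case and differs from the end-user framing of PDDI-2 through PDDI-4.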
@@ -945,11 +945,11 @@ Guidance: This is for the use case of an end user in use cases where physical ac
  * Verdict: No undocumented interfaces are found, no documented interfaces can be used without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of examinations, log of attempts to access

#### 5.2.X.x **MI-SDEE-3**: Local software access to interfaces
#### 5.2.X.x **MI-PDDI-3**: Protect or disable local software access to debug/management interfaces

All debug/remote management interfaces accessible via unprivileged users on the host system shall be protected or disabled by default, unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it.
All debug/management interfaces accessible via unprivileged users on the host system shall be protected or disabled by default, unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it.

Guidance: This is for the use case of an end user in use cases where local host system access is possible for a threat actor.
Guidance: This is for the use case of an end user in use cases where local host system software access is possible for a threat actor.

  * Reference: TR-SDEF
  * Objective: Secure by default
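Review bot: the PDDI-3 requirement sentence is now word-for-word the same as PDDI-2 and PDDI-4 except for the access vector, and the pre-rename wording (`debug/remote management` here versus `debug/management` in PDDI-2) shows how such copies drift. Consider stating the shared exception clause ("unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it") once, under TR-SDEF, and having each PDDI-n refer to it, so a future tweak only has to be made in one place. The Guidance tweak ("local host system software access") is a good clarification; the same qualifier belongs in the Verdict so it is clear that the access attempts are made from an unprivileged local account.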
@@ -958,9 +958,9 @@ Guidance: This is for the use case of an end user in use cases where local host
  * Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of attempts to access

#### 5.2.X.x **MI-SDEE-4**: Network access to interfaces
#### 5.2.X.x **MI-PDDI-4**: Protect or disable network access to debug/management interfaces

All debug/remote management interfaces accessible via the network shall be protected or disabled by default, unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it.
All debug/management interfaces accessible via the network shall be protected or disabled by default, unless necessary for backward compatibility and use by an appropriately sophisticated user who has been sufficiently informed of the risk and how to mitigate it.

Guidance: This is for the use case of an end user in use cases where network access is possible for a threat actor.

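Review bot: the PDDI-3 Verdict and Evidence lines at the top of this hunk do not say from which vantage point the access attempts are made, while the requirement they test is explicitly about "unprivileged users on the host system"; suggest `* Verdict: No undocumented interfaces are found and no interfaces can be accessed from an unprivileged local account without authorization ...` and recording the account used in the Evidence. The PDDI-3 Evidence line (`List of interfaces, log of attempts to access`) also drops the "log of examinations" that PDDI-2's Evidence lists; align the two. The same vantage-point wording applies to PDDI-4 (attempts from the network, without credentials), whose Verdict is outside this hunk.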
@@ -975,16 +975,16 @@ Guidance: This is for the use case of an end user in use cases where network acc

| Risk factors | Requires mitigations       |
|--------------|----------------------------|
| PHY > 0      | SDEE-1, SDEE-2, ADEF, DPAH |
| SFT > 0      | SDEE-1, SDEE-3, ADEF, DPAH |
| NET > 0      | SDEE-1, SDEE-4, ADEF, DPAH |
| PHY > 0      | PDDI-1, PDDI-2, ADEF, DPAH |
| SFT > 0      | PDDI-1, PDDI-3, ADEF, DPAH |
| NET > 0      | PDDI-1, PDDI-4, ADEF, DPAH |

| Security Profile       | Requires mitigations       |
|------------------------|----------------------------|
| WD-1                   | none                       |
| WD-2, WL-1             | SDEE-1, SDEE-4, ADEF, DPAH |
| VI-\*                  | SDEE-1, SDEE-3, ADEF, DPAH |
| WD-3, WD-4, WL-2, WL-3 | SDEE-\*, ADEF, DPAH        |
| WD-2, WL-1             | PDDI-1, PDDI-4, ADEF, DPAH |
| VI-\*                  | PDDI-1, PDDI-3, ADEF, DPAH |
| WD-3, WD-4, WL-2, WL-3 | PDDI-\*, ADEF, DPAH        |

### 5.2.X **TR-SCUD**: Secure updates

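Review bot: the two tables can be read as disagreeing after the rename. The risk-factor table says PHY > 0 requires PDDI-2, yet the profile table gives WD-2/WL-1 only PDDI-1 and PDDI-4, and VI-\* only PDDI-1 and PDDI-3; that is consistent only if those profiles fix PHY = 0 (and SFT = 0 for WD-2/WL-1, PHY = NET = 0 for VI-\*). If that is the intent, say so next to the profile table; otherwise those rows are missing PDDI entries. Minor: `PDDI-\*` in the last row would read better spelled out as `PDDI-1, PDDI-2, PDDI-3, PDDI-4`, matching the style of the rows above it and making a later addition of a PDDI-5 an explicit decision rather than an implicit one.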
@@ -1504,7 +1504,7 @@ This clause lists all the mitigations necessary to meet requirements for each se

SP-WD-1: KEVD, SCFS, SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG, VULH

SP-WD-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SDEE-1, SDEE-4, ADEF, DPAH,  SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), PDDI-1, PDDI-4, ADEF, DPAH,  SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH

SP-WD-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG, VULH
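Review bot: the SP-WD-3 list on the last line of this hunk contains no PDDI-n, ADEF or DPAH entries, while the profile table changed in this same commit says WD-3 requires `PDDI-\*, ADEF, DPAH`; the rename updated SP-WD-2 but the consolidated list for WD-3 (and, by the same table, WD-4, WL-2, WL-3 and VI-\*, which are not shown here) needs to be reconciled with it. Two smaller points on the SP-WD-2 line: `IMSL or (MSAF-\*, MZRO-\*)` is the only alternative not wrapped in parentheses like `(SUVP or SUOE)` and `(FZ95 or BTIN or IMSL)`, so the precedence of that `or` is ambiguous, and there is a double space after `DPAH,`.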