Rename LOC (local) to SFT (software) (1c64699b) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+38 −38

Original line number	Diff line number	Diff line
		@@ -745,8 +745,8 @@ If automatable and freely-usable vulnerability scanners are available for the pr

		\| Risk factors \| Requires mitigations \|
		\|---------------------------------------\|----------------------\|
		\| max(LOC, NET, SDS, SDT, FUN, DOS) < 1 \| none \|
		\| max(LOC, NET, SDS, SDT, FUN, DOS) < 2 \| KEVD \|
		\| max(SFT, NET, SDS, SDT, FUN, DOS) < 1 \| none \|
		\| max(SFT, NET, SDS, SDT, FUN, DOS) < 2 \| KEVD \|
		\| all others \| KEVD, SCAN \|

		\| Security Profile \| Requires mitigations \|
		@@ -911,7 +911,7 @@ The product shall zero-initialize all heap memory before use.

		\| Risk factors \| Requires mitigations \|
		\|-----------------------\|----------------------------\|
		\| LOC < 1 & NET < 1 \| None \|
		\| SFT < 1 & NET < 1 \| None \|
		\| all others \| IMSL or (MSAF-\, MZRO-\) \|

		\| Security Profile \| Requires mitigations \|
		@@ -1412,7 +1412,7 @@ Guidance: One type of event whose log message must take care to not accidentally

		\| Risk factors \| Requires mitigations \|
		\|-------------------------------------------------\|----------------------\|
		\| LOC < 1 & SDS < 1 & FUN < 1 & SYS < 1 & NET < 1 \| none \|
		\| SFT < 1 & SDS < 1 & FUN < 1 & SYS < 1 & NET < 1 \| none \|
		\| all others \| LOGG \|

		\| Security Profile \| Requires mitigations \|
		@@ -1676,17 +1676,17 @@ Risk factors may increase the likelihood of an incident, increase the impact of

		The overall risk related to each use case should be considered as a result of combining risk factors affecting both likelihood and impact of an incident.

		[LOC] Degree of local access to the host system
		[SFT] Degree of local software access to the host system

		Description: How many agents have unprivileged access to the host system.
		Description: How many agents have unprivileged software access to the host system.

		Rationale: More agents with access on the host increase the likelihood of an attack originating from the host.
		Rationale: More agents with software access on the host increase the likelihood of an attack originating from the host.

		Type: Affects likelihood of attacks originating from the host system.

		* [LOC-L-0] Foreseeable use is effectively no agents on the host
		* [LOC-L-1] Foreseeable use is trusted agents
		* [LOC-L-2] Foreseeable use includes untrusted agents
		* [SFT-L-0] Foreseeable use is effectively no agents on the host
		* [SFT-L-1] Foreseeable use is trusted agents
		* [SFT-L-2] Foreseeable use includes untrusted agents

		[NET] Degree of public access to attached network

		@@ -1841,7 +1841,7 @@ For the purposes of the list of threats, the product includes:

		The risk factors by type are:

		Likelihood: LOC NET COM ADM LIS
		Likelihood: SFT NET COM ADM LIS

		Impact: SYS SDS SDT FUN INT DOS

		@@ -1853,9 +1853,9 @@ For each threat, a table shows how to use the risk factors to calculate the leve

		\| Risk factors \| Likelihood \|
		\|-------------------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 & ADM = 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 & ADM = 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 or ADM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 & ADM = 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 & ADM = 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 or ADM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|----------------------------------\|--------\|
		@@ -1869,9 +1869,9 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|----------------------------------\|--------\|
		@@ -1900,9 +1900,9 @@ Requirements: SDEL

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & ADM = 1 \| High \|
		\| (LOC = 1 or NET = 1) & ADM = 0 \| Medium \|
		\| (LOC < 1 & NET < 1) \| Low \|
		\| (SFT > 1 or NET > 1) & ADM = 1 \| High \|
		\| (SFT = 1 or NET = 1) & ADM = 0 \| Medium \|
		\| (SFT < 1 & NET < 1) \| Low \|

		\| Risk factors \| Impact \|
		\|----------------------------------\|--------\|
		@@ -1932,9 +1932,9 @@ Requirements: CDTX, DMIN, LMAS

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|------------------------\|--------\|
		@@ -1948,9 +1948,9 @@ Requirements: AVAI, MSAF, LMAS, LOGG

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|--------------\|--------\|
		@@ -1964,9 +1964,9 @@ Requirements: AVAI, LMAS, LOGG

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|--------------\|--------\|
		@@ -1996,9 +1996,9 @@ Requirements: CDTX, IDTX, SCUD, LOGG

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (LOC > 1 or NET > 1) & COM > 1 \| High \|
		\| (LOC = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (LOC < 1 & NET < 1) or COM = 0 \| Low \|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|

		\| Risk factors \| Impact \|
		\|--------------\|--------\|
		@@ -2012,7 +2012,7 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG

		#### C.5.2.1 Wired network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\| Use case \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WD-1 \| 0 \| 0 \| 1 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 2 \| SP-WD-1 \|
		\| UC-WD-2 \| 0 \| 0 \| 1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| SP-WD-1 \|
		@@ -2027,7 +2027,7 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG

		#### C.5.2.2 Wireless network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\| Use case \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-WL-1 \| 0 \| 0 \| 2 \| 0 \| 0 \| 1 \| 1 \| 1 \| 1 \| 1 \| SP-WL-1 \|
		\| UC-WL-2 \| 0 \| 1 \| 2 \| 1 \| 1 \| 0 \| 0 \| 0 \| 1 \| 2 \| SP-WL-1 \|
		@@ -2039,7 +2039,7 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG

		#### C.5.2.3 Virtual network interface use cases

		\| Use case \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\| Use case \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \| Sec Pro \|
		\|----------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|---------\|
		\| UC-VI-1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 0 \| 1 \| 1 \| 1 \| 0 \| SP-VI-1 \|
		\| UC-VI-2 \| 1 \| 2 \| 2 \| 1 \| 0 \| 1 \| 1 \| 1 \| 1 \| 0 \| SP-VI-2 \|
		@@ -2058,7 +2058,7 @@ Security profiles are associated with sets of risk factor levels.

		#### C.6.2.1 Wired network interface security profiles

		\| Security profile \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\| Security profile \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\|------------------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|
		\| SP-WD-1 \| 0 \| 0 \| 1 \| 1 \| 0 \| 1 \| 0 \| 1 \| 1 \| 2 \|
		\| SP-WD-2 \| 0 \| 2 \| 1 \| 1 \| 2 \| 2 \| 0 \| 1 \| 2 \| 1 \|
		@@ -2067,7 +2067,7 @@ Security profiles are associated with sets of risk factor levels.

		#### C.6.2.2 Wireless network interface security profiles

		\| Security profile \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\| Security profile \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\|------------------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|
		\| SP-WL-1 \| 0 \| 1 \| 2 \| 1 \| 1 \| 1 \| 1 \| 1 \| 1 \| 1 \|
		\| SP-WL-2 \| 1 \| 2 \| 2 \| 1 \| 2 \| 2 \| 1 \| 1 \| 1 \| 1 \|
		@@ -2075,7 +2075,7 @@ Security profiles are associated with sets of risk factor levels.

		#### C.6.2.3 Virtual network interface security profiles

		\| Security profile \| LOC \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\| Security profile \| SFT \| NET \| COM \| ADM \| LIS \| SYS \| SDS \| SDT \| FUN \| INT \|
		\|------------------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|
		\| SP-VI-1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| 1 \| 0 \|
		\| SP-VI-2 \| 2 \| 2 \| 2 \| 1 \| 0 \| 2 \| 2 \| 2 \| 2 \| 0 \|