@@ -544,15 +544,15 @@ The risk factors identified by the risk assessment in Annex C are grouped into r
| UC-VI-3 Virtual interface for external use on enterprise device | L-1 | L-1 | L-2 | L-0 | SC-VI-2 |
| UC-VI-4 Virtual interface for external use on public server | L-3 | L-2 | L-2 | L-0 | SC-VI-2 |
## 4.6 Security levels
## 4.6 Security profiles
### 4.6.1 General
Security levels are an informative resource to the manufacturer. Each security level is associated with a collection of levels of risk factors. Security levels will be mapped to specific mitigations for each security requirements necessary to treat the risk.
Security profiles are an informative resource to the manufacturer. Each security level is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each security requirements necessary to treat the risk.
### 4.6.2 Mapping of security level to risk factors
Security levels are associated with sets of risk factor levels.
Security profiles are associated with sets of risk factor levels.
> FIXME add security requirements when they exist
@@ -809,7 +809,7 @@ For wireless - operating environment of standard applies
## C.4 Risk assessments of threats
> For each threat identified above, use likelihood and magnitude of the threat to assess its risk in the context of use cases. The results should be consistent with the mapping of use cases to security levels.
> For each threat identified above, use likelihood and magnitude of the threat to assess its risk in the context of use cases. The results should be consistent with the mapping of use cases to security profiles.
