Commit 2b1ffa51 authored by Valerie Aurora's avatar Valerie Aurora
Browse files

Update availability requirements and mappings

parent ffb2d07d

EN-304-625.md

+19 −17
Original line number Diff line number Diff line
@@ -1282,38 +1282,40 @@ The product shall protect the availability of essential and core functions. 


#### 5.2.X.x MI-WDOG: Watchdog and self-initiated reset



The network interface shall implement a mechanism to trigger an automatic reset when it detects that it is no longer able to perform its functions.

The product shall implement a mechanism to trigger an automatic reset when it detects that it is no longer able to perform its functions.



  * Applicability: physical network interfaces that have a remote management feature

  * Preparation: document the conditions that indicate the device cannot perform its functions

  * Test: cause each of the conditions to occur

  * Result: for each condition, the network interface resets itself

  * Output: error, log message, statistics update, or other information from card indicating reset of network interface

  * Reference: TR-AVAI

  * Objective: Availability

  * Preparation: Document the conditions that indicate the product cannot perform its functions

  * Activities: Cause each of the conditions to occur and observe whether the product resets

  * Verdict: Every condition triggers an automatic reset => PASS, otherwise FAIL

  * Evidence: Documentation, log messages



#### 5.2.X.x MI-NTFY: Watchdog and notification of host



The network interface shall implement a mechanism to notify the host system when it detects that it is no longer able to perform its functions.

The product shall implement a mechanism to notify the host system when it detects that it is no longer able to perform its functions and a way for the host to reset the product.



  * Preparation: document the conditions that indicate the device cannot perform its functions

  * Test: cause each of the conditions to occur

  * Result: for each condition, the notification is received by the host

  * Output: error, log message, statistics update, or other information from card indicating error notification was received

  * Reference: TR-AVAI

  * Objective: Availability

  * Preparation: Document the conditions that indicate the product cannot perform its functions

  * Activities: Cause each of the conditions to occur and observe whether the product notifies the host system

  * Verdict: Every condition triggers a notification to the host => PASS, otherwise FAIL

  * Evidence: Documentation, log messages



#### 5.2.X.x Mapping of mitigations to risk factors and security profiles



FIXME update mitigation mapping below for MI-NTFY



FIXME define a security profile for interfaces that are the primary interface



| Risk factors | Requires mitigations |

|--------------|----------------------|

| FUN < 1      | none                 |

| FUN < 2      | NTFY or WDOG         |

| all others   | WDOG                 |



| Security Profile        | Requires mitigations |

|------------------|----------------------|

| FIXME            | NTFY or WDOG         |

| all others       | WDOG                 |

|-------------------------|----------------------|

| WD-1, WD-3, WL-\*, VI-1 | NTFY or WDOG         |

| WD-2, WD-4, VI-2        | WDOG                 |



### 5.2.X **TR-LMAS**: Minimize exposed interfaces