Commit 554c48c9 authored by Valerie Aurora's avatar Valerie Aurora

Formatting and minor corrections

parent 5cbc989b
+6 −8
@@ -411,7 +411,7 @@ A physical network interface connects via a communications bus to the host. The

![~~Physical network device architecture~~](media/physical_network_interface.drawio.png)

> FIXME mermaid chart temporarily removed to generate Word doc
> FIXME: mermaid chart temporarily removed to generate Word doc

A wired network interface transmits data via a specific physical medium such as Ethernet cable, fiber optic cable, coaxial cable or power lines. A wireless network interface transmits data in a manner that does not require a specific medium, such as radiofrequency waves or visible light communication through the air. A virtual network interface transmits data through software within the memory of a host system, sometimes across a software-defined network fabric.
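Review bot: The image alt text on the unchanged line above still carries strikethrough markers (`![~~Physical network device architecture~~](...)`), which most renderers emit as literal tildes in the alt attribute; while touching this hunk, consider dropping them to `![Physical network device architecture](...)`. The colon added to the FIXME line is consistent with the other FIXME notes in this commit, but a `> FIXME:` blockquote is still rendered into the generated Word document; an HTML comment (`<!-- FIXME: ... -->`) would keep the note in the source without appearing in the output.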

@@ -419,7 +419,7 @@ Wireless network interfaces often have an independent real-time operating system

A virtual network interface emulates the device driver interface of a network interface to a host's device driver API. Instead of a physical network interface, it may send and receive packets to a hypervisor, a container, another device driver, another part of the network stack, an application, or other software.

> FIXME add hypervisor or other software to diagram
> FIXME: add hypervisor or other software to diagram

![~~Virtual network device architecture~~](media/virtual_network_interface.drawio.png)
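Review bot: Same alt-text issue as the physical-interface diagram: `![~~Virtual network device architecture~~](...)` should lose the `~~` markers. Since this FIXME asks for the hypervisor or other software to be added to the diagram but the diagram line directly below it is unchanged, it would help to say in the commit or an issue whether the diagram source (`media/virtual_network_interface.drawio.png`) is being tracked for that update, so the note does not linger past the next regeneration.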

@@ -719,6 +719,8 @@ Recognizing that there may be vulnerabilities discovered between the time that a

The product shall be accompanied by documentation describing how the product may be securely updated, including how to update the product prior to, or as part of, first use.

Guidance: This may include informing the user about automatic secure updates.

  * Reference: TR-NKEV
  * Objective: Prevent exploitation of known exploited vulnerabilities
  * Preparation: Examine public or private vulnerability information sources and select a recently fixed vulnerability (preferably the most recently fixed)
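Review bot: The added `Guidance: This may include informing the user about automatic secure updates.` sits as a bare paragraph between the requirement sentence and the `* Reference:` bullet list, unlike the surrounding items which are all bullets; if "Guidance:" is a new convention for this document, it should be used in the same form elsewhere, otherwise fold it into the list. Given that the Verdict for this requirement checks that the most recently fixed vulnerability is actually fixed after the update, the guidance could also ask that the documentation tell the user how to confirm which version is installed after an automatic update.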
@@ -726,8 +728,6 @@ The product shall be accompanied by documentation describing how the product may
  * Verdict: If the secure update completes successfully, the most recently fixed vulnerability is fixed, and the documentation includes all the required information => PASS, otherwise FAIL
  * Evidence: Documentation of vulnerability handling, documentation of how to securely update the product, the report for the selected vulnerability, description of how to scan for the vulnerability, log of vulnerability scan results

> TODO: Add automatic update mitigation

#### 5.2.X.x **MI-SCAN**: No easily scannable exploitable vulnerabilities

If automatable and freely-usable vulnerability scanners are available for the product, then the product shall satisfy the following with respect to the three (or fewer, if fewer than three are avilable) most comprehensive of such scanners.
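Review bot: Removing `> TODO: Add automatic update mitigation` without a replacement leaves automatic updates covered only by the one-sentence guidance note added in the previous hunk, which is documentation guidance rather than a mitigation; please confirm the automatic-update mitigation is tracked elsewhere or keep the TODO. Unrelated but in the visible context: "avilable" on the MI-SCAN requirement line should be "available".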
@@ -849,7 +849,7 @@ The manufacturer shall ensure that all security-relevant firmware and software a

The product shall implement appropriate mitigations for memory errors.

> FIXME: Currrently copied from OS, need a plan to synchronize.
> FIXME: Currently copied from the operating systems standard, need a plan to synchronize.

#### 5.2.X.x Default Preparation, Verdict, and Evidence

@@ -1232,7 +1232,7 @@ The product shall detect corruption of the data transmitted by the product.

  * Activities: For each type of data and method of detecting corruption, corrupt the data in a way that the method will detect

  * Verdict: If all methods of detecting corruption match the type of the data stored, and all the corruptions of data are detected => PASS, otherwise => FAIL
  * Verdict: If all methods of detecting corruption match the type of the data transmitted, and all the corruptions of data are detected => PASS, otherwise => FAIL

  * Evidence: Logs of determination of type of data and corruptions of data

@@ -1304,8 +1304,6 @@ The product shall implement a mechanism to notify the host system when it detect

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

FIXME update mitigation mapping below for MI-NTFY

| Risk factors | Requires mitigations |
|--------------|----------------------|
| FUN < 1      | none                 |
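Review bot: The deleted `FIXME update mitigation mapping below for MI-NTFY` was the only reminder that this table needs MI-NTFY added, and the visible rows of the mapping table are unchanged in this hunk (the first row still reads `| FUN < 1 | none |`); if the mapping was not updated in this commit, the FIXME should stay (ideally in the same `> FIXME:` form used elsewhere in the document) or be moved to an issue so the gap is not lost.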