Commit 5b316160 authored by Valerie Aurora's avatar Valerie Aurora
Browse files

Finish rename of security levels to security profiles

parent 2a8c284b

EN-304-625.md

+15 −17
Original line number Diff line number Diff line
@@ -354,7 +354,7 @@ The device driver often needs elevated privileges to read and write memory. Devi 


## 4.4 Use cases



This list of use cases is an informative resource to the manufacturer to simplify choosing a set of security requirements. Each use case is mapped to a security level, which is a collection of risks and the security requirements necessary to mitigate them.

This list of use cases is an informative resource to the manufacturer to simplify choosing a set of security requirements. Each use case is mapped to a security profile, which is a collection of risks and the security requirements necessary to mitigate them.



### 4.4.1 Wired network interface use cases
@@ -522,9 +522,9 @@ The risk factors identified by the risk assessment in Annex C are grouped into r 
  * **[ADM-L-0]** Professional administration

  * **[ADM-L-1]** Amateur administration



### 4.5.1 Mapping of use cases to risk factors and security levels

### 4.5.1 Mapping of use cases to risk factors and security profiles



| Use case                                                            | USR | ACC | COM | ADM | Sec Lev |

| Use case                                                            | USR | ACC | COM | ADM | Sec Pro |

|---------------------------------------------------------------------|-----|-----|-----|-----|---------|

| UC-WD-1 Wired enterprise device in isolated internal infrastructure | L-0 | L-0 | L-1 | L-0 | SC-WD-1 |

| UC-WD-2 Wired enterprise internal infrastructure device             | L-0 | L-1 | L-2 | L-0 | SC-WD-1 |
@@ -548,16 +548,14 @@ The risk factors identified by the risk assessment in Annex C are grouped into r 


### 4.6.1 General



Security profiles are an informative resource to the manufacturer. Each security level is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each security requirements necessary to treat the risk.

Security profiles are an informative resource to the manufacturer. Each security profile is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each security requirements necessary to treat the risk.



### 4.6.2 Mapping of security level to risk factors

### 4.6.2 Mapping of security profile to risk factors



Security profiles are associated with sets of risk factor levels.



> FIXME add security requirements when they exist



| Security level | USR     | ACC     | COM     | ADM     |

|----------------|---------|---------|---------|---------|

| Security profile | USR     | ACC     | COM     | ADM     |

|------------------|---------|---------|---------|---------|

| SC-WD-1          | USR-L-1 | ACC-L-1 | COM-L-2 | ADM-L-0 |

| SC-WD-2          | USR-L-1 | ACC-L-2 | COM-L-2 | ADM-L-0 |

| SC-WD-3          | USR-L-2 | ACC-L-2 | COM-L-0 | ADM-L-1 |