Commit 63ddf0d7 authored by Valerie Aurora

Update confidentiality requirements to sync with OS

parent 79955404
@@ -996,75 +996,79 @@ All debug/remote management interfaces accessible via the network shall be prote

The product shall protect confidential assets from unauthorized access.

#### 5.2.X.x **MI-SCNF**: Confidentiality of data stored on the product
### 5.2.X **TR-CDST**: Confidentiality of data stored on the product

FIXME split this up into types of data, which may require different mitigations
#### 5.2.X.x Requirement

The product shall protect data stored on the product from unauthorized access.

NOTE this is about once you have it configured securely, does it actually protect the data
#### 5.2.X.x **MI-CDST**: Protect confidentiality of data stored on the product

The product shall protect confidential data stored on the product from unauthorized access.
The product shall protect data stored on the product from unauthorized access.

  * Reference: TR-CONF
  * Reference: TR-CDST

  * Objective: Confidentiality of data

  * Preparation: List all types of data that may be stored on the product that should not be readable without authorization, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method
  * Preparation: List all types of data that may be stored on the product that should not be readable without authorization, what methods of ensuring confidentiality are appropriate for each type, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method

  * Activities: For each type of data and each access mechanism, attempt to read the data without authorization
  * Activities: For each type of data and each access mechanism, determine the method of ensuring confidentiality used, and attempt to read the data without authorization

  * Verdict: If all the attempts to read confidential data fail => PASS, otherwise => FAIL
  * Verdict: If all methods of ensuring confidentiality match the type of the data stored, and all the attempts to read confidential data without authorization fail => PASS, otherwise => FAIL

  * Evidence: Logs of attempts to read confidential data with indication of success or failure
  * Evidence: Logs of determination of type of data and method of confidentiality and attempts to read confidential data without authorization

FIXME split into two things
Guidance: Data may be protected by the environment, permissions, encryption, salting and hashing, offline storage, or hardware-backed secrets.

What types of data are there on a network interface, split up by how they should be protected?
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

Readable only by privileged user:
| Risk factors | Requires mitigations |
|--------------|----------------------|
| SNDS < 1     | none                 |
| all others   | CDST                 |

* Security keys for validation of access to itself (firmware, management access)
* Security keys for packet encryption or network access
* All accessible host data and functions
| Security Profile | Requires mitigations |
|------------------|----------------------|
| LR, IoT-1        | none                 |
| all others       | CDST                 |

Okay to read by anyone:
### 5.2.X **TR-CDTX**: Confidentiality of data transmitted by product

* Firmware ?
* Device identity (MAC address etc.)
* Device configuration (transmit power/channel configuration/options)
* Statistics
* Device driver stored on device, if any
#### 5.2.X.x Requirement

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
The product shall protect data transmitted by the product from unauthorized access.

| Risk factors        | Requires mitigations |
|---------------------|----------------------|
| any                 | SCNF                 |
#### 5.2.X.x **MI-CDTX**: Protect confidentiality of data transmitted by product

| Security Profile    | Requires mitigations |
|---------------------|----------------------|
| any                 | SCNF                 |
The product shall protect data transmitted by the product from unauthorized access.

#### 5.2.X.x **MI-TCNF**: Confidentiality of data transmitted by product
  * Reference: TR-CDTX

FIXME require documentation of the level of security in transmitting data provided by the product to other parts of the system.
  * Objective: Confidentiality of data

  * Applicability: (for requirements that depend on a feature)
  * Reference: TR-
  * Objective: 
  * Preparation: 
  * Activities: 
  * Verdict: 
  * Evidence: 
  * Preparation: List all types of data that may be transmitted on the product that should not be readable without authorization, what methods of ensuring confidentiality are appropriate for each type, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method

  * Activities: For each type of data and each access mechanism, determine the method of ensuring confidentiality used, and attempt to read the data without authorization

  * Verdict: If all methods of ensuring confidentiality match the type of the data transmitted, and all the attempts to read confidential data without authorization fail => PASS, otherwise => FAIL

  * Evidence: Logs of determination of type of data and method of confidentiality and attempts to read confidential data without authorization

Guidance: Data transmitted may be protected by the environment or encryption.

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors       | Requires mitigations |
|---------------------|----------------------|
| any                 | TCNF                 |
|--------------------|----------------------|
| DAT < 1 or NET < 1 | none                 |
| all others         | CDTX                 |

| Security Profile | Requires mitigations |
|---------------------|----------------------|
| any                 | TCNF                 |
|------------------|----------------------|
| FIXME            | none                 |
| all others       | CDTX                 |

> FIXME: update above

### 5.2.X **TR-LMAS**: Minimize exposed interfaces
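Review bot: the MI-CDST and MI-CDTX verdicts now hinge on whether "methods of ensuring confidentiality match the type of the data", but this hunk also deletes the only place that defined data types (the "Readable only by privileged user" / "Okay to read by anyone" lists covering security keys, host data, firmware, device identity, configuration and statistics), and the Guidance line only enumerates mechanisms ("environment, permissions, encryption, salting and hashing, offline storage, or hardware-backed secrets") without saying which is acceptable for which type, so an assessor has no criterion for the "match" clause; consider keeping that categorization as guidance under MI-CDST (or a small per-type table, e.g. "Security keys for packet encryption or network access: encryption or hardware-backed secrets") and doing the same for MI-CDTX, where "protected by the environment" should state what the environment has to guarantee. Separately, the TR-CDTX mapping still ships a placeholder row `| FIXME | none |` in the Security Profile table and the trailing `> FIXME: update above` marker, so the normative table is left incomplete; either fill in the exempt profiles to mirror the `DAT < 1 or NET < 1` risk-factor row or drop the row until it is decided.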