> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough. What kinds of threats are in and out of scope? What are you assuming is the sophistication of attack? Relate to use cases.
### C.3.1 Proper host system
> FIXME more assumptions, associate with risk factors and security requirements
**[AS-PH]:** The host system the product is attached to is trustworthy.
Assume no physical tampering
### C.3.2 Proper administrator
For wireless - operating environment of standard applies
**[AS-PA]:** The product administrator is not intentionally hostile and is engaging in good faith efforts to administer the product properly.
### C.3.3 Attacker has limited physical access to product
**[AS-LP]:** An attacker will have only temporary physical access to the product.
### C.3.4 Attacker has limited resources
**[AS-LR]:** An attacker has the resources available to a small group of skilled individuals, without the backing of large corporations, nation-states, or immense wealth.
