Use new threat assessment for acquisition of used product

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Security profiles            | Mitigations          |

|------------------------------|----------------------|

| WD-1                         | none                 |

| WD-3, WL-1, VI-1             | KEVD, KEVM           |

| WD-2, WD-4, WL-2, WL-3, VI-2 | KEVA, (KEVT or SCAN) |

_See Annex C for rationale._

Not all mitigations apply to all security profiles. See Annex C.4.

### 5.2.X **TR-SSDD**: Secure design and development

  * Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL

  * Evidence: List of interfaces, log of attempts to access

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations       |

|--------------|----------------------------|

| PHY > 0      | PDDI-1, PDDI-2, ADEF, DPAH |

| SFT > 0      | PDDI-1, PDDI-3, ADEF, DPAH |

| NET > 0      | PDDI-1, PDDI-4, ADEF, DPAH |

| Security Profile       | Requires mitigations       |

|------------------------|----------------------------|

| WD-1                   | none                       |

| WD-2, WL-1             | PDDI-1, PDDI-4, ADEF, DPAH |

| VI-\*                  | PDDI-1, PDDI-3, ADEF, DPAH |

| WD-3, WD-4, WL-2, WL-3 | PDDI-\*, ADEF, DPAH        |

### 5.2.X **TR-SCUD**: Secure updates

### 5.3.2 Wireless network interface risk mitigation sets

SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH

### 5.3.3 Virtual network interface risk mitigation sets

SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, RSET or INST or DELE, SDRF, VULH

SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, SDRF, VULH

SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR, VULH

SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH

# 6 Conformity Assessment

| max(SYS, SDS, SDT, FUN, DOS) = 1 | Medium | WD-1, WD-3, WL-\*, VI-1 |

| max(SYS, SDS, SDT, FUN, DOS) = 2 | High   | WD-2, WD-4, VI-2        |

Requirements: SSDD, LMII, DMIN, LMAS, LOGG

Requirements that mitigate this threat: SSDD, LMII, DMIN, LMAS, LOGG

Mitigations for Likelihood:

* High to Low: DJST, NTFY, WDOG, LOGG

#### C.4.3.3 Access to data via acquisition of used product

**[TH-PHYS]:** Attacker may get unauthorized access to confidential data stored on the product through acquisition of a used product.

| Risk factors | Likelihood |

|--------------|------------|

| ADM = 2      | High       |

| ADM = 1      | Medium     |

| ADM = 0      | Low        |

| Risk factors       | Likelihood | Security profiles |

|--------------------|------------|-------------------|

| ADM = 0 or SDS = 0 | Low        | WD-\*, VI-1       |

| all others         | Medium     | WL-\*             |

| ADM = 2 & SDS = 2  | High       | VI-2              |

| Risk factors | Impact |

|--------------|--------|

| SDS = 2      | High   |

| SDS = 1      | Medium |

| SDS = 0      | Low    |

| Risk factors | Impact | Security profiles |

|--------------|--------|-------------------|

| SDS = 0      | Low    | WD-\*             |

| SDS = 1      | Medium | WL-\*, VI-1       |

| SDS = 2      | High   | VI-2              |

Requirements that mitigate this threat: SCDL, SDEF

Mitigations for Likelihood:

* Medium to Low: (RSET or INST or DELE)

* High to Low: (RSET or INST or DELE)

Mitigations for Impact:

* Medium to Low: CDST, ADEF, DPAH

Requirements: SDEL, SDEF

* High to Low: CDST, ADEF, DPAH, PDDI-\*

**[TH-CONF]:** Attacker may use configuration errors to get unauthorized access to the product assets.

|--------|------------------------------------------|

| KEVU   | NKEV, SCUD, SSDD, LMII, LMAS, LOGG, VULH |

| UEVU   | SSDD, LMII, DMIN, LMAS, LOGG             |

| PHYS   | SDEL, SDEF                               |

| PHYS   | SCDL, SDEF                               |

| CONF   | SDEF                                     |

| UADT   | CDTX, DMIN, LMAS                         |

| AVAI   | AVAI, LMII, LMAS, LOGG, VULH             |