Change the axes on the mitigation mappings (8180bb3c) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+36 −39

Original line number	Diff line number	Diff line
		@@ -886,19 +886,17 @@ TBD describe this, basically smart fuzzing by hand :)

		Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| None \| NET = 0 \|
		\| SSCA \| NET <= 1 or COM = 0 \|
		\| FZ95 \| any \|
		\| IMSL \| any \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| None \| VI-1 \|
		\| SSCA \| WD-2 \|
		\| FZ95 \| any \|
		\| MSEL \| any \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| NET = 0 \| None \|
		\| NET <= 0 or COM = 0 \| SSCA \|
		\| NET > 0 and COM > 0 \| FZ95 or IMSL \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| VI-1 \| None \|
		\| WD-2 \| SSCA \|
		\| all others \| FZ95 or IMSL \|

		### 5.2.X.x TR-MDNF: Mitigate disabling of network functions

		@@ -918,13 +916,18 @@ The network interface shall implement a watchdog mechanism that observes whether

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| WDOG \| any \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| REM == 0 & FUN <= 1 \| None \|
		\| REM > 0 or FUN = 2 \| WDOG \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|------------------------------------------\|
		\| WDOG \| WD-1, WD-2, WL-1, WL-2 \|
		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| VI-1, VI-2 \| N/A \|
		\| WD-1, WL-1 \| None FIXME \|
		\| WD-2, WL-2 \| WDOG FIXME \|

		FIXME security profiles aren't rated for REM or FUN yet

		> Copy-n-paste mitigation format

		@@ -943,26 +946,20 @@ _Description of mitigation in "shall" format._

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| XXXX \| LOC NET COM ADM \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| XXXX \| WD-1, WD-2, WL-1, WL-2, VI-1, VI-2 \|

		Security profile to risk mapping for construction above tables

		\| Security profile \| LOC \| NET \| COM \| ADM \|
		\|------------------\|---------\|---------\|---------\|---------\|
		\| SP-WD-1 \| LOC-L-1 \| NET-L-2 \| COM-L-2 \| ADM-L-0 \|
		\| SP-WD-2 \| LOC-L-3 \| NET-L-2 \| COM-L-0 \| ADM-L-1 \|
		\| SP-WL-1 \| LOC-L-2 \| NET-L-2 \| COM-L-3 \| ADM-L-1 \|
		\| SP-WL-2 \| LOC-L-3 \| NET-L-2 \| COM-L-3 \| ADM-L-1 \|
		\| SP-VI-1 \| LOC-L-2 \| NET-L-0 \| COM-L-0 \| ADM-L-1 \|
		\| SP-VI-2 \| LOC-L-3 \| NET-L-2 \| COM-L-1 \| ADM-L-1 \|


		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| NET <= 0 or COM = 0 \| SSCA \|
		\| NET > 0 and COM > 0 \| FZ95 or IMSL \|
		\| REM > 0 or FUN = 2 \| WDOG \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|--------------------------------------------\|
		\| VI-1 \| None \|
		\| VI-2 \| FZ95 or IMSL \|
		\| WD-1 \| SSCA \|
		\| WD-2 \| FZ95 or IMSL, WDOG \|
		\| WL-1 \| FZ95 or IMSL \|
		\| WL-2 \| FZ95 or IMSL, WDOG \|

		# Annex A (informative): Mapping between the present document and CRA requirements

Original line number	Diff line number	Diff line
		@@ -886,19 +886,17 @@ TBD describe this, basically smart fuzzing by hand :)

		Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| None \| NET = 0 \|
		\| SSCA \| NET <= 1 or COM = 0 \|
		\| FZ95 \| any \|
		\| IMSL \| any \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| None \| VI-1 \|
		\| SSCA \| WD-2 \|
		\| FZ95 \| any \|
		\| MSEL \| any \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| NET = 0 \| None \|
		\| NET <= 0 or COM = 0 \| SSCA \|
		\| NET > 0 and COM > 0 \| FZ95 or IMSL \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| VI-1 \| None \|
		\| WD-2 \| SSCA \|
		\| all others \| FZ95 or IMSL \|

		### 5.2.X.x TR-MDNF: Mitigate disabling of network functions

		@@ -918,13 +916,18 @@ The network interface shall implement a watchdog mechanism that observes whether

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| WDOG \| any \|
		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| REM == 0 & FUN <= 1 \| None \|
		\| REM > 0 or FUN = 2 \| WDOG \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|------------------------------------------\|
		\| WDOG \| WD-1, WD-2, WL-1, WL-2 \|
		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| VI-1, VI-2 \| N/A \|
		\| WD-1, WL-1 \| None FIXME \|
		\| WD-2, WL-2 \| WDOG FIXME \|

		FIXME security profiles aren't rated for REM or FUN yet

		> Copy-n-paste mitigation format

		@@ -943,26 +946,20 @@ _Description of mitigation in "shall" format._

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Mitigation \| Satisfies TR if risk factors are \|
		\|------------\|----------------------------------\|
		\| XXXX \| LOC NET COM ADM \|

		\| Mitigation \| Satisfies TR for these security profiles \|
		\|------------\|--------------------------------------------\|
		\| XXXX \| WD-1, WD-2, WL-1, WL-2, VI-1, VI-2 \|

		Security profile to risk mapping for construction above tables

		\| Security profile \| LOC \| NET \| COM \| ADM \|
		\|------------------\|---------\|---------\|---------\|---------\|
		\| SP-WD-1 \| LOC-L-1 \| NET-L-2 \| COM-L-2 \| ADM-L-0 \|
		\| SP-WD-2 \| LOC-L-3 \| NET-L-2 \| COM-L-0 \| ADM-L-1 \|
		\| SP-WL-1 \| LOC-L-2 \| NET-L-2 \| COM-L-3 \| ADM-L-1 \|
		\| SP-WL-2 \| LOC-L-3 \| NET-L-2 \| COM-L-3 \| ADM-L-1 \|
		\| SP-VI-1 \| LOC-L-2 \| NET-L-0 \| COM-L-0 \| ADM-L-1 \|
		\| SP-VI-2 \| LOC-L-3 \| NET-L-2 \| COM-L-1 \| ADM-L-1 \|


		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| NET <= 0 or COM = 0 \| SSCA \|
		\| NET > 0 and COM > 0 \| FZ95 or IMSL \|
		\| REM > 0 or FUN = 2 \| WDOG \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|--------------------------------------------\|
		\| VI-1 \| None \|
		\| VI-2 \| FZ95 or IMSL \|
		\| WD-1 \| SSCA \|
		\| WD-2 \| FZ95 or IMSL, WDOG \|
		\| WL-1 \| FZ95 or IMSL \|
		\| WL-2 \| FZ95 or IMSL, WDOG \|

		# Annex A (informative): Mapping between the present document and CRA requirements