Update risk factors and security profiles for secure design/dev (8448d8cb) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+16 −16

Original line number	Diff line number	Diff line
		@@ -791,15 +791,15 @@ The manufacturer shall ensure that all security-relevant firmware and software a
		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Risk factors \| Requires mitigations \|
		\|---------------------\|------------------------------------\|
		\|--------------\|------------------------------------\|
		\| NET < 1 \| SCFS \|
		\| NET < 1 or COM < 1 \| SCFS, SSCA \|
		\| NET > 0 and COM > 0 \| SCFS, SCCA, (FZ95 or ETIN or IMSL) \|
		\| NET < 2 \| SCFS, SSCA \|
		\| NET > 1 \| SCFS, SCCA, (FZ95 or ETIN or IMSL) \|

		\| Security Profile \| Requires mitigations \|
		\|------------------\|------------------------------------\|
		\| VI-1 \| SCFS \|
		\| WD-2 \| SCFS, SSCA \|
		\| WD-1, VI-1 \| SCFS \|
		\| WL-1 \| SCFS, SSCA \|
		\| all others \| SCFS, SSCA, (FZ95 or ETIN or IMSL) \|

		### 5.2.X TR-MSAF: Memory error mitigations
		@@ -1476,27 +1476,27 @@ If the product provides a method to transfer data and settings to another produc

		### 5.3.1 Wired network interface risk mitigation sets

		SP-WD-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG
		SP-WD-1: KEVD, SCFS, SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG

		SP-WD-2: KEVD, SCAN, SCFS, SSCA, IMSL or (MSAF-\, MZRO-\), SDEE-1, SDEE-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG
		SP-WD-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SDEE-1, SDEE-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

		SP-WD-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG
		SP-WD-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG

		SP-WD-4: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG
		SP-WD-4: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

		### 5.3.2 Wireless network interface risk mitigation sets

		SP-WL-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-1: KEVD, SCFS, SSCA, IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-WL-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-WL-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		### 5.3.3 Virtual network interface risk mitigation sets

		SP-VI-1: KEVD, SCFS, IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-VI-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR
		SP-VI-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR

		# 6 Conformity Assessment

Original line number	Diff line number	Diff line
		@@ -791,15 +791,15 @@ The manufacturer shall ensure that all security-relevant firmware and software a
		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Risk factors \| Requires mitigations \|
		\|---------------------\|------------------------------------\|
		\|--------------\|------------------------------------\|
		\| NET < 1 \| SCFS \|
		\| NET < 1 or COM < 1 \| SCFS, SSCA \|
		\| NET > 0 and COM > 0 \| SCFS, SCCA, (FZ95 or ETIN or IMSL) \|
		\| NET < 2 \| SCFS, SSCA \|
		\| NET > 1 \| SCFS, SCCA, (FZ95 or ETIN or IMSL) \|

		\| Security Profile \| Requires mitigations \|
		\|------------------\|------------------------------------\|
		\| VI-1 \| SCFS \|
		\| WD-2 \| SCFS, SSCA \|
		\| WD-1, VI-1 \| SCFS \|
		\| WL-1 \| SCFS, SSCA \|
		\| all others \| SCFS, SSCA, (FZ95 or ETIN or IMSL) \|

		### 5.2.X TR-MSAF: Memory error mitigations
		@@ -1476,27 +1476,27 @@ If the product provides a method to transfer data and settings to another produc

		### 5.3.1 Wired network interface risk mitigation sets

		SP-WD-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG
		SP-WD-1: KEVD, SCFS, SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG

		SP-WD-2: KEVD, SCAN, SCFS, SSCA, IMSL or (MSAF-\, MZRO-\), SDEE-1, SDEE-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG
		SP-WD-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SDEE-1, SDEE-4, ADEF, DPAH, SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

		SP-WD-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG
		SP-WD-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG

		SP-WD-4: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG
		SP-WD-4: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

		### 5.3.2 Wireless network interface risk mitigation sets

		SP-WL-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-1: KEVD, SCFS, SSCA, IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-WL-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-WL-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF
		SP-WL-3: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		### 5.3.3 Virtual network interface risk mitigation sets

		SP-VI-1: KEVD, SCFS, IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

		SP-VI-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR
		SP-VI-2: KEVD, (KEVL or SCAN), SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\, MZRO-\), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR

		# 6 Conformity Assessment

Admin message