Commit 987343c4 authored by Valerie Aurora

Notes for improvement from meeting

parent 5780f84d
+30 −16
@@ -921,6 +921,8 @@ The product shall operate in a secure configuration by default.

The product shall require appropriate authorization by default to access security-relevant assets, such as product firmware, security-relevant configuration, sensitive data, and sensitive functions.

Guidance: Appropriate authorization depends on the use case and the asset. For example, if the product's intended purpose is for integration into another product, then authorization is generally not necessary to access assets since the integrator will implement appropriate authorization. Another example would be encryption keys; these should not be readable without authorization such as password-based or pre-shared credentials/secrets from either hte host or the network.

  * Reference: TR-SDEF

  * Objective: Find any unauthorized access to security relevant assets in default configuration
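Review bot: typo in the added Guidance line of this hunk: "from either hte host or the network" should read "from either the host or the network". The same line's integrator exemption ("authorization is generally not necessary to access assets since the integrator will implement appropriate authorization") reads as a blanket waiver; suggest scoping it to the integrator use case that MI-SDEE-1 below already names, and requiring that the product documentation state which assets are left unprotected by default, which is what MI-DPAH asks for, so the integrator knows what the host must control.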
@@ -933,11 +935,9 @@ The product shall require appropriate authorization by default to access securit

  * Evidence: List of interfaces allowing access to security-relevant assets, record of activities used to attempt unauthorized access to security-relevant assets, log of results of attempts

> FIXME: Definition of appropriate authorization is in progress by another group.

#### 5.2.X.x **MI-DPAH**: Documentation of product assets accessible from host

The product shall be accompanied by documentation for all interfaces for the product that can be accessed by the host, describing what product assets are accessible from the interface and what type of access is allowed.
The product shall be accompanied by documentation for all interfaces for the product that can be accessed by the host, describing what product assets are accessible from the interface and what type of access is appropriate for representative use cases or risk profiles.

Guidance: This requirement gives the user or integrator of the product the necessary information they need to implement an appropriate level of access control in the host system. This requirement does not specify how the host implements access control.

@@ -945,16 +945,16 @@ Guidance: This requirement gives the user or integrator of the product the neces
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Define a method that can be used to find all interfaces on the product accessible from the host
  * Activities: For each interface, review the documentation to see if it is listed
  * Activities: For each interface, review the documentation to see if it is listed and provides the necessary information
  * Verdict: If every interface discovered is listed in the documentation and has the required information => PASS, otherwise => FAIL
  * Evidence: Method to list all interfaces accessible from the host, list of interfaces discovered, documentation of assets

#### 5.2.X.x **MI-SDEE-1**: Physical access to debug interface

For use case of selling to an integrator

All debug interfaces accessible to someone with physical access to the device shall be documented as to how to protect or disable them.

Guidance: This is for the use case of selling to an integrator.

  * Applicability: Physical interface
  * Reference: TR-SDEF
  * Objective: Secure by default
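Review bot: the added line "For use case of selling to an integrator" above the MI-SDEE-1 requirement duplicates the new Guidance line ("This is for the use case of selling to an integrator"); keep one, preferably under Guidance, where the other requirements state their scope. Two smaller points in this hunk: the MI-SDEE-1 text "shall be documented as to how to protect or disable them" is awkward, suggest "shall be documented, including how to protect or disable them"; and the revised Activities line and the Verdict for MI-DPAH refer to "the necessary information" / "the required information" without the requirement enumerating what that is, so list it (assets reachable, access type allowed, recommended access per use case). Since MI-SDEE-1 and MI-SDEE-2 share the title "Physical access to debug interface", consider titles that carry the distinction (integrator documentation vs. end-user protected-or-disabled by default).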
@@ -965,11 +965,9 @@ All debug interfaces accessible to someone with physical access to the device sh

#### 5.2.X.x **MI-SDEE-2**: Physical access to debug interface

For use case of end user

All debug interfaces accessible to someone with physical access to the device shall be protected or disabled.
All debug interfaces accessible to someone with physical access to the device shall be protected or disabled by default.

FIXME need a requirement that all interfaces are documented
Guidance: This is for the use case of an end user in use cases where physical access is possible for a threat actor.

  * Applicability: Physical interface
  * Reference: TR-SDEF
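Review bot: the line "FIXME need a requirement that all interfaces are documented" sits directly between the MI-SDEE-2 requirement and its Guidance with no blank line and no `>` marker, unlike the other FIXMEs in this file (`> FIXME: ...`); format it consistently or resolve it. It looks partly covered already: MI-DPAH covers interfaces accessible from the host and MI-SDEE-1 covers physical debug interfaces in the integrator case, so what remains open is documentation of physical debug interfaces in the end-user case; state that in the FIXME so the next editor knows what is missing. Adding "by default" to the requirement is the right fix, but "protected" is undefined here as in MI-SDEE-1; point it at the pending definition of appropriate authorization.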
@@ -981,9 +979,23 @@ FIXME need a requirement that all interfaces are documented

#### 5.2.X.x **MI-SDEE-3**: Network access to interfaces

For use case of end user
All debug/remote management interfaces accessible via the network shall be protected or disabled by default.

Guidance: For use case of end user depending on network access by threat actors.

  * Applicability: Physical interface
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation:
  * Activities:
  * Verdict: No interface can be used => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of attempts to access

#### 5.2.X.x **MI-SDEE-4**: Network access to interfaces

All debug/remote management interfaces accessible via the network shall be protected or disabled.
All debug/remote management interfaces accessible via the network shall be protected or disabled by default FIXME.

Guidance: For use case of end user for backwards compatibility with insecure protocols.

  * Applicability: Physical interface
  * Reference: TR-SDEF
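Review bot: Applicability for both MI-SDEE-3 and MI-SDEE-4 reads "Physical interface" although the requirements concern interfaces accessible via the network; this looks copied from MI-SDEE-1/2 and should name the network interface instead. Other issues in the new block: MI-SDEE-3 has empty Preparation and Activities entries while its Verdict ("No interface can be used => PASS") presupposes an enumeration and access-attempt procedure, so at minimum state how network-accessible debug/remote management interfaces are listed and how access is attempted, as MI-DPAH's Preparation does for host interfaces; MI-SDEE-3 and MI-SDEE-4 carry the same title and near-identical requirement text, differing only in Guidance (end user vs. backwards compatibility with insecure protocols), so the requirement sentences themselves should say what differs, e.g. whether an insecure protocol may be enabled at all and under what condition (explicit opt-in after reset); "by default FIXME" is embedded in the MI-SDEE-4 requirement sentence and should move to its own `> FIXME:` line stating what is unresolved; and the "For use case of end user" line directly abuts the MI-SDEE-3 requirement with no blank line, unlike the same line in MI-SDEE-2.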
@@ -1017,6 +1029,8 @@ The product shall protect data stored on the product from unauthorized access.

The product shall protect data stored on the product from unauthorized access.

Guidance: This may include keys, firmware, configuration, packets, credentials, and data stored in volatile or non-volatile memory or storage.

  * Reference: TR-CDST

  * Objective: Confidentiality of data
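Review bot: the added Guidance line lists asset classes (keys, firmware, configuration, packets, credentials, data in volatile or non-volatile memory) but the requirement says only "protect ... from unauthorized access"; with Reference TR-CDST and Objective "Confidentiality of data" the intent appears to be confidentiality, so say so ("protect the confidentiality of data stored on the product") or state whether unauthorized modification is also in scope, since firmware and configuration are assets whose integrity matters at least as much as their secrecy. "packets" is the one item that is not obviously stored data; if buffered network traffic is meant, say "buffered packets".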
@@ -1205,6 +1219,8 @@ The product shall provide a method of deleting all data and settings and resetti

Guidance: Overwriting all storage or encrypting all data and deleting the key are two secure deletion mechanisms.

FIXME only ones that can be written

#### 5.2.X.x **MI-RSET**: Secure deletion via reset

The product shall reset to its secure-by-default state after a power cycle or reset command.
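Review bot: the new "FIXME only ones that can be written" line is bare, with no `>` marker, unlike the other FIXMEs in this file, and too terse to act on. If the point is that only writable storage holds data that needs deleting, fold it into the Guidance directly: "Overwriting all writable storage, or encrypting all data and deleting the key, are two secure deletion mechanisms." That also fixes a real problem with the current wording: "Overwriting all storage" read literally includes the firmware image, which MI-RSET below needs intact to return the product to its secure-by-default state.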
@@ -1257,13 +1273,11 @@ The product shall reset to its secure-by-default state after the secure deletion

| Risk factors | Requires mitigations |
|--------------|----------------------|
| DAT < 1      | none                 |
| DAT > 0      | RSET or INST or DELE |
| any          | RSET or INST or DELE |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| FIXME            | none                 |
| FIXME            | RSET or INST or DELE |
| all              | RSET or INST or DELE |

> FIXME: Update when risk factors are fully filled out
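Review bot: in both the old "Risk factors" table and its replacement "Security Profile" table, the last row ("any" / "all" => RSET or INST or DELE) applies to every case, which makes the first row ("none") unreachable; as written, every profile requires one of the mitigations. Either drop the "none" row or state in a sentence above the table that rows are evaluated in order with the final row as the default for profiles not listed. Also, the two FIXME placeholders in the Security Profile column should carry the provisional profile names or the DAT thresholds they replace (DAT < 1, DAT > 0), so the mapping from the old risk-factor table is not lost when the trailing `> FIXME` is resolved.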