Use new threat assessment for DOS on product assets via vuln (9a706510) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+23 −13

Original line number	Diff line number	Diff line
		@@ -1417,7 +1417,7 @@ This clause lists all the mitigations necessary to meet requirements for each se

		SP-WD-1: SCFS, SUDC, (SUVP or SUOE), DJST, (NTFY or WDOG), LOGG

		SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, WDOG, JSTY, LOGG, VULH
		SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH

		SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, VULH

		@@ -1896,21 +1896,31 @@ Mitigations for Impact:

		* High to Low: DJST

		[TH-AVAI]: Attacker may exploit vulnerabilities in the product to reduce availability of product assets.
		#### C.4.3.6 TH-AVAI: Denial of service attack on product via exploitation of vulnerabilities

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|
		Attacker may exploit vulnerabilities in the product to reduce availability of product assets.

		\| Risk factors \| Impact \|
		\|------------------------\|--------\|
		\| max(SDS, SDT, FUN) = 2 \| High \|
		\| max(SDS, SDT, FUN) = 1 \| Medium \|
		\| max(SDS, SDT, FUN) = 0 \| Low \|
		\| Risk factors \| Likelihood \| Security profiles \|
		\|-----------------------------------------------\|------------\|------------------------------\|
		\| max(PHYS, SFT, NET) = 0 or COM = 0 or ADM = 0 \| Low \| WD-1 \|
		\| all others \| Medium \| WD-2, WD-3, WD-4, WL-1, VI-1 \|
		\| max(PHYS, SFT, NET) = 2 & COM = 2 & ADM = 2 \| High \| WL-2, WL-3, VI-2 \|

		Requirements: AVAI, LMII, LMAS, LOGG, VULH
		\| Risk factors \| Impact \| Security profiles \|
		\|------------------------\|--------\|-------------------------\|
		\| max(SDS, SDT, FUN) = 0 \| Low \| none \|
		\| max(SDS, SDT, FUN) = 1 \| Medium \| WD-1, WD-3, WL-\*, VI-1 \|
		\| max(SDS, SDT, FUN) = 2 \| High \| WD-2, WD-4, VI-2 \|

		Requirements that mitigate this threat: NKEV, AVAI, LMII, LMAS, LOGG, VULH

		All mitigations for TH-KEVU apply, plus:

		Mitigations for Impact:

		* Medium to Low: (NTFY or WDOG)

		* High to Low: NTFY, WDOG

		[TH-FDOS]: Attacker may use host system or network access for a denial-of-service attack on product functions.

Original line number	Diff line number	Diff line
		@@ -1417,7 +1417,7 @@ This clause lists all the mitigations necessary to meet requirements for each se

		SP-WD-1: SCFS, SUDC, (SUVP or SUOE), DJST, (NTFY or WDOG), LOGG

		SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, WDOG, JSTY, LOGG, VULH
		SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH

		SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\, MZRO-\), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, VULH

		@@ -1896,21 +1896,31 @@ Mitigations for Impact:

		* High to Low: DJST

		[TH-AVAI]: Attacker may exploit vulnerabilities in the product to reduce availability of product assets.
		#### C.4.3.6 TH-AVAI: Denial of service attack on product via exploitation of vulnerabilities

		\| Risk factors \| Likelihood \|
		\|--------------------------------\|------------\|
		\| (SFT > 1 or NET > 1) & COM > 1 \| High \|
		\| (SFT = 1 or NET = 1) & COM > 1 \| Medium \|
		\| (SFT < 1 & NET < 1) or COM = 0 \| Low \|
		Attacker may exploit vulnerabilities in the product to reduce availability of product assets.

		\| Risk factors \| Impact \|
		\|------------------------\|--------\|
		\| max(SDS, SDT, FUN) = 2 \| High \|
		\| max(SDS, SDT, FUN) = 1 \| Medium \|
		\| max(SDS, SDT, FUN) = 0 \| Low \|
		\| Risk factors \| Likelihood \| Security profiles \|
		\|-----------------------------------------------\|------------\|------------------------------\|
		\| max(PHYS, SFT, NET) = 0 or COM = 0 or ADM = 0 \| Low \| WD-1 \|
		\| all others \| Medium \| WD-2, WD-3, WD-4, WL-1, VI-1 \|
		\| max(PHYS, SFT, NET) = 2 & COM = 2 & ADM = 2 \| High \| WL-2, WL-3, VI-2 \|

		Requirements: AVAI, LMII, LMAS, LOGG, VULH
		\| Risk factors \| Impact \| Security profiles \|
		\|------------------------\|--------\|-------------------------\|
		\| max(SDS, SDT, FUN) = 0 \| Low \| none \|
		\| max(SDS, SDT, FUN) = 1 \| Medium \| WD-1, WD-3, WL-\*, VI-1 \|
		\| max(SDS, SDT, FUN) = 2 \| High \| WD-2, WD-4, VI-2 \|

		Requirements that mitigate this threat: NKEV, AVAI, LMII, LMAS, LOGG, VULH

		All mitigations for TH-KEVU apply, plus:

		Mitigations for Impact:

		* Medium to Low: (NTFY or WDOG)

		* High to Low: NTFY, WDOG

		[TH-FDOS]: Attacker may use host system or network access for a denial-of-service attack on product functions.