Commit 9f2e85a8 authored by Valerie Aurora

Update risk factor mapping for NKEV requirements

parent 17468c19
+6 −6
@@ -744,14 +744,14 @@ If automatable and freely-usable vulnerability scanners are available for the pr
  * Evidence: Documented vulnerability handling policy, list of vulnerability scanners selected, reports from each scanner, correlation of reports of discovered vulnerabilities with documentation of mitigations

| Risk factors                          | Requires mitigations |
|------------------------------------------------------|----------------------|
| max(LOC, NET, SYS, SDS, SDT, FUN, DOS) < 1           | none                 |
| max(LOC, NET, DOS) < 1 & max(SYS, SDS, SDT, FUN) = 1 | KEVD                 |
|---------------------------------------|----------------------|
| max(LOC, NET, SDS, SDT, FUN, DOS) < 1 | none                 |
| max(LOC, NET, SDS, SDT, FUN, DOS) < 2 | KEVD                 |
| all others                            | KEVD, SCAN           |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| WD-1             | KEVD                 |
| WD-1, WL-1, VI-1 | KEVD                 |
| all others       | KEVD, SCAN           |

### 5.2.X **TR-SSDD**: Secure design and development
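
Review bot: The risk factor rows `max(LOC, NET, SDS, SDT, FUN, DOS) < 1` and `max(LOC, NET, SDS, SDT, FUN, DOS) < 2` leave out SYS, which the other pair of rows in this hunk lists in both of its conditions. If the `< 1` / `< 2` rows are the replacement text, a product's SYS score no longer has any effect on whether KEVD or SCAN is required, so a product that scores high on SYS alone would land in the "none" row. Please either add SYS back to both max() lists or say in the commit message why it was dropped. Also, the Security Profile table has no row that maps to "none" while the risk factor table does; if the surrounding text does not already say which table applies when the two give different answers for the same product, a sentence stating that would help.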