Loading EN-304-625.md +28 −25 Original line number Diff line number Diff line Loading @@ -496,34 +496,34 @@ _The following use cases are provided to assist manufacturers in selecting risk ### 4.7.1 Wired network interface use cases * UC-WD-1 Wired professional device in isolated internal infrastructure * UC-WD-1 Wired stationary home IoT device * E.g. thermostat, fridge * Behind home gateway firewall * Host access limited to people within the home * Simple, low-feature network interface implementation * Non-professional administration * UC-WD-2 Wired professional device in isolated internal infrastructure * E.g. Data center for internal job processing, smart meter in an isolated private network * Behind a firewall/gateway, no direct route to internet * Users are administrators and approved (predefined, fixed) applications * Network interface implements performance optimizations * Professional administration * UC-WD-2 Wired professional device in internal infrastructure * UC-WD-3 Wired professional internal infrastructure device * E.g. switches behind edge firewall devices * Behind a firewall, routing filtered internet traffic * Users are administrators * Network interface implements performance optimizations * Professional administration * UC-WD-3 Wired professional edge device or internet infrastructure * UC-WD-4 Wired professional edge device or internet infrastructure * E.g. firewalls, VPN servers, switches in IXPs and ISPs, smart meter gateways and data concentrators in a smart metering system * Exposed to entire internet on the public network side * Users are administrators and approved applications * Network interface implements performance optimizations * Professional administration * UC-WD-4 Wired stationary home IoT device * E.g. thermostat, fridge * Behind home gateway firewall * Host access limited to people within the home * Simple, low-feature network interface implementation * Non-professional administration * UC-WD-5 Wired stationary home gateway * E.g. ISP-managed access point * Exposed to the entire internet, with potentially some ISP filtering Loading Loading @@ -2013,16 +2013,16 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG | Use case | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro | |----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------| | UC-WD-1 | 0 | 0 | 1 | 0 | 0 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-2 | 0 | 1 | 2 | 0 | 0 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-3 | 0 | 2 | 2 | 0 | 2 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-4 | 0 | 2 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 2 | SP-WD-2 | | UC-WD-5 | 0 | 2 | 1 | 1 | 2 | 1 | 1 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-6 | 1 | 1 | 2 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 2 | SP-WD-1 | | UC-WD-2 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | SP-WD-1 | | UC-WD-3 | 0 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-4 | 0 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-5 | 0 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | SP-WD-2 | | UC-WD-6 | 1 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-7 | 2 | 1 | 1 | 1 | 0 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-8 | 2 | 2 | 1 | 1 | 2 | 1 | 1 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-9 | 3 | 2 | 1 | 0 | 2 | 1 | 1 | 1 | 1 | 1 | SP-WD-4 | | UC-WD-10 | 3 | 2 | 1 | 1 | 2 | 1 | 0 | 0 | 0 | 1 | SP-WD-4 | | UC-WD-8 | 2 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-9 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | SP-WD-4 | | UC-WD-10 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 0 | 0 | 1 | SP-WD-4 | #### C.5.2.2 Wireless network interface use cases Loading Loading @@ -2057,12 +2057,15 @@ Security profiles are associated with sets of risk factor levels. #### C.6.2.1 Wired network interface security profiles | Security profile | LOC | NET | COM | ADM | SYS | SDS | SDT | FUN | INT | |------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----| | SP-WD-1 | 0 | 2 | 2 | 0 | 1 | 1 | 1 | 2 | 1 | | SP-WD-2 | 0 | 2 | 1 | 1 | 1 | 1 | 1 | 2 | 2 | | SP-WD-3 | 2 | 2 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | | SP-WD-4 | 3 | 2 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | | Use case | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro | |----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------| | Security profile | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | |------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----| | SP-WD-1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 1 | 1 | 2 | | SP-WD-2 | 0 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 2 | 1 | | SP-WD-3 | 2 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | | SP-WD-4 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | #### C.6.2.2 Wireless network interface security profiles Loading Loading
EN-304-625.md +28 −25 Original line number Diff line number Diff line Loading @@ -496,34 +496,34 @@ _The following use cases are provided to assist manufacturers in selecting risk ### 4.7.1 Wired network interface use cases * UC-WD-1 Wired professional device in isolated internal infrastructure * UC-WD-1 Wired stationary home IoT device * E.g. thermostat, fridge * Behind home gateway firewall * Host access limited to people within the home * Simple, low-feature network interface implementation * Non-professional administration * UC-WD-2 Wired professional device in isolated internal infrastructure * E.g. Data center for internal job processing, smart meter in an isolated private network * Behind a firewall/gateway, no direct route to internet * Users are administrators and approved (predefined, fixed) applications * Network interface implements performance optimizations * Professional administration * UC-WD-2 Wired professional device in internal infrastructure * UC-WD-3 Wired professional internal infrastructure device * E.g. switches behind edge firewall devices * Behind a firewall, routing filtered internet traffic * Users are administrators * Network interface implements performance optimizations * Professional administration * UC-WD-3 Wired professional edge device or internet infrastructure * UC-WD-4 Wired professional edge device or internet infrastructure * E.g. firewalls, VPN servers, switches in IXPs and ISPs, smart meter gateways and data concentrators in a smart metering system * Exposed to entire internet on the public network side * Users are administrators and approved applications * Network interface implements performance optimizations * Professional administration * UC-WD-4 Wired stationary home IoT device * E.g. thermostat, fridge * Behind home gateway firewall * Host access limited to people within the home * Simple, low-feature network interface implementation * Non-professional administration * UC-WD-5 Wired stationary home gateway * E.g. ISP-managed access point * Exposed to the entire internet, with potentially some ISP filtering Loading Loading @@ -2013,16 +2013,16 @@ Requirements: NKEV, SCUD, SSDD, MSAF, LMAS, LOGG | Use case | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro | |----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------| | UC-WD-1 | 0 | 0 | 1 | 0 | 0 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-2 | 0 | 1 | 2 | 0 | 0 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-3 | 0 | 2 | 2 | 0 | 2 | 1 | 1 | 1 | 2 | 1 | SP-WD-1 | | UC-WD-4 | 0 | 2 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 2 | SP-WD-2 | | UC-WD-5 | 0 | 2 | 1 | 1 | 2 | 1 | 1 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-6 | 1 | 1 | 2 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 2 | SP-WD-1 | | UC-WD-2 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | SP-WD-1 | | UC-WD-3 | 0 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-4 | 0 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | SP-WD-2 | | UC-WD-5 | 0 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | SP-WD-2 | | UC-WD-6 | 1 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-7 | 2 | 1 | 1 | 1 | 0 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-8 | 2 | 2 | 1 | 1 | 2 | 1 | 1 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-9 | 3 | 2 | 1 | 0 | 2 | 1 | 1 | 1 | 1 | 1 | SP-WD-4 | | UC-WD-10 | 3 | 2 | 1 | 1 | 2 | 1 | 0 | 0 | 0 | 1 | SP-WD-4 | | UC-WD-8 | 2 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | SP-WD-3 | | UC-WD-9 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | SP-WD-4 | | UC-WD-10 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 0 | 0 | 1 | SP-WD-4 | #### C.5.2.2 Wireless network interface use cases Loading Loading @@ -2057,12 +2057,15 @@ Security profiles are associated with sets of risk factor levels. #### C.6.2.1 Wired network interface security profiles | Security profile | LOC | NET | COM | ADM | SYS | SDS | SDT | FUN | INT | |------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----| | SP-WD-1 | 0 | 2 | 2 | 0 | 1 | 1 | 1 | 2 | 1 | | SP-WD-2 | 0 | 2 | 1 | 1 | 1 | 1 | 1 | 2 | 2 | | SP-WD-3 | 2 | 2 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | | SP-WD-4 | 3 | 2 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | | Use case | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | Sec Pro | |----------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|---------| | Security profile | LOC | NET | COM | ADM | LIS | SYS | SDS | SDT | FUN | INT | |------------------|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----| | SP-WD-1 | 0 | 0 | 1 | 1 | 0 | 1 | 0 | 1 | 1 | 2 | | SP-WD-2 | 0 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 2 | 1 | | SP-WD-3 | 2 | 2 | 1 | 1 | 2 | 1 | 0 | 1 | 1 | 1 | | SP-WD-4 | 3 | 2 | 1 | 0 | 2 | 1 | 0 | 1 | 2 | 1 | #### C.6.2.2 Wireless network interface security profiles Loading
