Commit d6fb3b73 authored by Valerie Aurora

Add secure updates requirement

parent a4231db0
+88 −1
@@ -1194,6 +1194,93 @@ All sources of data processed by the device in its secure-by-default configurati
|---------------------|----------------------|
| any                 | DJST                 |

### 5.2.X **TR-SCUD**: Secure updates

The product shall be securely updateable by the user.

#### 5.2.X.x **MI-SCFM**: Secure update of firmware

The physical network interface shall provide a method of updating its firmware from the host system.

  * Applicability: Product is a physical interface
  * Reference: TR-SCUD
  * Objective: Secure updates
  * Preparation: Prepare a new firmware image with a different version number from the currently installed firmware
  * Activities: Check the firmware version, install the new firmware, and check the firmware version
  * Verdict: The second version number is that of the new firmware => PASS, otherwise FAIL
  * Evidence: Log of querying the firmware version, installing the new firmware, and querying the firmware version again

#### 5.2.X.x **MI-SCDC**: Documentation of secure update of firmware

The product shall be accompanied by documentation of the secure update methods for the physical interface.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation for completeness
  * Verdict: Documentation describes secure update methods sufficiently for a third party to implement them => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x **MI-SCDD**: Secure update of firmware via device driver

The device driver shall provide a method of updating the firmware on the device.

  * Applicability: Device driver supplied with physical interface
  * Reference: TR-SCUD
  * Preparation: Prepare a new firmware image with a different version number from the currently installed firmware
  * Activities: Check the firmware version, install the new firmware, and check the firmware version
  * Verdict: The second version number is that of the new firmware => PASS, otherwise FAIL
  * Evidence: Log of querying the firmware version, installing the new firmware, and querying the firmware version again

#### 5.2.X.x **MI-SCHL**: Low secure updates provided by host

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "Low" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x **MI-SCHM**: Medium secure updates provided by host

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "Medium" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x **MI-SCHH**: High secure updates provided by host

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "High" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors        | Requires mitigations |
|---------------------|----------------------|
| any                 | SCFM, SCDD, SCDC     |
| RSKL                | SCDL                 |
| RSKM                | SCDM                 |
| RSKH                | SCDH                 |

FIXME define RSKL/M/H as a function of other risk factors

| Security Profile    | Requires mitigations   |
|---------------------|----------------------  |
| VI-1                | SCDL                   |
| VI-2                | SCDM                   |
| WD-1                | SCFM, SCDD, SCDC, SCDL |
| WD-2                | SCFM, SCDD, SCDC, SCDM |
| WL-1                | SCFM, SCDD, SCDC, SCDL |
| WL-1                | SCFM, SCDD, SCDC, SCDM |

### 5.2.X **TR-XXXX**: Encryption related stuff

Need to specify encryption related stuff that is not covered by ACM.
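Review bot: the mitigation identifiers in the two mapping tables do not match the requirements defined above them: the RSKL/RSKM/RSKH rows and the security-profile rows reference SCDL, SCDM and SCDH, but the host-provided update requirements are headed MI-SCHL, MI-SCHM and MI-SCHH, so either the table cells or the headings need renaming before the mapping is usable. In the security-profile table the last two rows are both labelled WL-1; the second presumably should be WL-2 to follow the VI-1/VI-2 and WD-1/WD-2 pattern, and the separator row `|---------------------|----------------------  |` carries trailing spaces inside its last cell that may break table rendering. MI-SCDD also lacks the `Objective: Secure updates` bullet that every other requirement in this section carries. Finally, the verdicts for MI-SCFM and MI-SCDD pass as soon as the version number changes, which an update path with no verification at all would also satisfy; since TR-SCUD is about secure updates, consider adding a negative case in which an image that fails verification is refused and the version stays unchanged, with the refusal captured in the evidence log.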
@@ -1268,7 +1355,7 @@ Suggested type of tests include, but are not limited to:
| No known exploitable vulnerabilities            | _waiting on cross-vertical_        |
| Secure design, development, production          | IMEM                               |
| Secure by default configuration                 | ADEF                               |
| Secure updates                                  | _waiting on cross-vertical_        |
| Secure updates                                  | SCUD                               |
| Authentication and access control mechanisms    | _waiting on cross-vertical_        |
| Confidentiality protection                      | SCNF, TCNF                         |
| Integrity protection for data and configuration | IMEM                               |
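Review bot: the replacement row lists SCUD, which is the identifier of the requirement TR-SCUD introduced in the previous hunk, whereas the neighbouring rows (IMEM, ADEF, SCNF, TCNF) appear to list mitigation identifiers; for consistency the Secure updates row should probably reference the MI-level mitigations added above (SCFM, SCDD, SCDC and the host-provided update mitigations), or the column should state that requirement identifiers are acceptable here.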