Commit e21653f0 authored by Valerie Aurora

Clarify host system access risk factor to include both access and sensitivity

parent d8123508
+6 −6
@@ -1624,17 +1624,17 @@ Type: Affects likelihood and impact of all attacks.

**[SYS]** Impact of access to host system assets

Description: Measures the impact of the product's access to host system assets.
Description: Measures the impact of the product's access to host system assets, which is a combination of the level of access and the sensitivity of the host system assets.

The communications bus used to connect to the host system usually controls the level of access. E.g., a network interface connected by USB versions below 4.0 can only access system resources via the host USB stack software, but a network interface on a PCIe bus (including tunneled over USB 4.0) or a virtual network interface that has privileged access to the host system can write any part of host system memory.
The communications bus used to connect to the host system usually controls the level of access. E.g., a network interface connected by USB versions below 4.0 can only access system resources via the host USB stack software, but a network interface on a PCIe bus (including tunneled over USB 4.0) or a virtual network interface that has privileged access to the host system can write any part of host system memory. The sensitivity of the host assets changes the impact of this risk factor.

Rationale: Access to host systems assets increases the impact of attacks.
Rationale: An attacker can get access to host system functions via the product's access.

Type: Affects impact of all attacks.

  * **[SYS-L-0]** Little or no impact
  * **[SYS-L-1]** Moderate impact
  * **[SYS-L-2]** High impact
  * **[SYS-L-0]** Little or no access to the host, or little or no sensitivity of host assets
  * **[SYS-L-1]** High degree of access to host and moderate sensitivity of host assets, or moderate access and high sensitivy
  * **[SYS-L-2]** High degree of access and high sensitivity of host assets

**[SDS]** Sensitivity of data stored
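
Review bot: The new [SYS-L-0] to [SYS-L-2] definitions do not assign every combination of access and sensitivity to a level, and [SYS-L-1] misspells "sensitivity" as "sensitivy". Moderate access combined with moderate sensitivity matches none of the three entries, and high access combined with little or no sensitivity lands in [SYS-L-0] only through the "or" in that entry, which a reader scoring a PCIe-attached product may not expect. Consider stating explicitly which level each remaining combination maps to, or saying that the lower of the two ratings caps the level if that is the intent. Separately, the rewritten Rationale no longer mentions impact even though the Type line still reads "Affects impact of all attacks", and it says "host system functions" where the Description says "host system assets"; keeping the impact wording and one term throughout would keep the three fields consistent. The sentence added to the bus paragraph, "The sensitivity of the host assets changes the impact of this risk factor", would be clearer if it said that higher sensitivity raises the level.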