General consistency check of threats and risk factors (04308b27) · Commits · STAN4CRA / EN 304 626 Operating Systems

EN-304-626.md

+51 −56

Original line number	Diff line number	Diff line
		@@ -1019,6 +1019,7 @@ The product shall implement appropriate mitigations to minimize impact on other

		Editor's Note: We hope that there will be additional contributions to this section in the future.


		#### 5.2.7.2 MI-MDOC: Document transfer of risk of minimizing impact to operating environment

		The product shall be accompanied by documentation informing the user of the transfer of risk for minimizing impact on other devices and services.
		@@ -1808,42 +1809,42 @@ Attacker may use unknown exploitable vulnerabilities in the product implementati
		\| max(NUSR, CUSR, DATA, PHYS, FNET) = 2 & SA-HIGH \| High \| MOB-1, LA-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| WE-2, RO-1, IoT-3, WE-1, PC-\, LA-1, PS-1, OT-1, MOB-1, LA-2, SE-\ \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: SSDD, MSAF, LMII, LMAS, DMIN, LOGG
		Requirements that mitigate this threat: SSDD, SDEF, MSAF, LMII, LMAS, LOGG

		Mitigations for Likelihood:

		* Medium to Low: SSCA, SCFS, MMAC, ADEF

		* High to Low: SSCA, MMAC, (FZ95 or BTIN or IMSL), SCFS, ASLR, MSAF-\, MZRO-\, MRWX-\*, NKAM, PLLC, MRCO, ADEF, DJST, JSTY
		* High to Low: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\, MZRO-\, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY

		Mitigations for Impact:

		* Medium to Low: LOGG

		* High to Low: DJST, LOGG
		* High to Low: LOGG

		### C.4.4 TH-KEVU: Known exploitable vulnerabilities

		Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.

		\| Risk factors \| Likelihood \| Security profiles \|
		\|----------------------\|------------\|---------------------------------------------------------\|
		\|----------------------\|------------\|------------------------------------------------------------\|
		\| ADMN = 0 or SUPP = 0 \| Low \| LR, IoT-1 \|
		\| all others \| Medium \| IoT-2, IoT-3, WE-1, RO-1, OT-1, PC-2, LA-2, PS-1, SE-\* \|
		\| ADMN = 2 & SUPP = 2 \| High \| MOB-1, PC-1, LA-1 \|
		\| all others \| Medium \| WE-1 \|
		\| ADMN = 2 & SUPP = 2 \| High \| IoT-2, IoT-3, RO-1, OT-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, WE-2, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: NKEV, SSDD, MSAF, LMII, SCUD, LMAS, DMIN, AVAI, LOGG, VULH
		Requirements that mitigate this threat: NKEV, SSDD, SDEF, MSAF, LMII, LMAS, LOGG

		All mitigations from TH-UEVU apply (using that requirement's risk formula), in addition to:

		@@ -1853,12 +1854,6 @@ Mitigations for Likelihood:

		* High to Low: KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH

		Mitigations for Impact:

		* Medium to Low: WDOG

		* High to Low: WDOG

		### C.4.5 TH-UAPP: Unauthorized access to product assets via unprotected physical interfaces in default configuration

		Attacker may use unprotected debug or management interfaces to get unauthorized access to product assets via physical access in the default configuration of the product.
		@@ -1960,10 +1955,10 @@ Attacker may use network access to get unauthorized access to confidential data
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\|--------------\|--------\|----------------------------------------------\|
		\| SNDT = 0 \| Low \| LR, IoT-1 \|
		\| SNDT = 1 \| Medium \| IoT-2, IoT-3, OT-1, WE-1 \|
		\| SNDT = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|
		\| SNDT = 1 \| Medium \| IoT-2, IoT-3, OT-1 \|
		\| SNDT = 2 \| High \| WE-1, RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: CDTX, DMIN

		@@ -1984,15 +1979,15 @@ Mitigations for Impact:
		Attacker may use user or network access for a denial-of-service attack on product functions.

		\| Risk factors \| Likelihood \| \|
		\|---------------------------\|------------\|---------------------------------------------\|
		\| max(NUSR, CUSR, FNET) = 0 \| Low \| LR, IoT-\*, \|
		\| max(NUSR, CUSR, FNET) = 1 \| Medium \| OT-1, MOB-1, WE-1, PC-\, LA-\, SE-1, SE-2 \|
		\|---------------------------\|------------\|-----------------------------------------------------------\|
		\| max(NUSR, CUSR, FNET) = 0 \| Low \| LR, IoT-1 \|
		\| max(NUSR, CUSR, FNET) = 1 \| Medium \| IoT-2, IoT-3, OT-1, MOB-1, WE-1, PC-\, LA-\, SE-1, SE-2 \|
		\| max(NUSR, CUSR, FNET) = 2 \| High \| RO-1, PS-1, SE-3 \|

		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|--------------------------------------\|
		\| SENF = 0 \| Low \| LR, IoT-1, IoT-2 \|
		\| SENF = 1 \| Medium \| IoT-3, WE-1, PC-1, LA-1, PS-1 \|
		\| SENF = 0 \| Low \| LR, IoT-1, IoT-2, WE-1 \|
		\| SENF = 1 \| Medium \| IoT-3, PC-1, LA-1, PS-1 \|
		\| SENF = 2 \| High \| RO-1, OT-1, MOB-1, PC-2, LA-2, SE-\* \|

		Requirements that mitigate this threat: AUTH, AVAI, LMII, LOGG, VULH
		@@ -2007,7 +2002,7 @@ Mitigations for Impact:

		* Medium to Low: LMEM, LOGG

		* High to Low: AVNT, WDOG, FDRP, LMEM, FAIR, LOGG
		* High to Low: AUTH, AVNT, FDRP, LMEM, FAIR, LOGG

		### C.4.11 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions

		@@ -2024,10 +2019,10 @@ Guidance: Traffic amplication attacks and other misuses of product functions are
		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\| TNET = 0 \| Low \| LR, IoT-1 \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\* \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: NKEV, SSDD, MSAF, LMII, MINI, SCUD, LMAS, DMIN, AVAI, LOGG, VULH
		Requirements that mitigate this threat: NKEV, SSDD, SDEF, MSAF, LMII, MINI, LMAS, LOGG

		All mitigations from TH-KEVU apply (using that requirement's risk formula), plus:

		@@ -2041,17 +2036,17 @@ Mitigations for Impact:

		Attacker may masquerade as an authorized server to get unauthorized access to product assets.

		\| Risk factors \| Likelihood \| Security profiles \|
		\|--------------\|------------\|----------------------------------\|
		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\| TNET = 0 \| Low \| LR, IoT-1 \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, RO-1, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| MOB-1, PC-\, LA-\, PS-1, SE-\* \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, WE-2, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: CDTX, CRYP, IDTX, AUTH, LOGG

		@@ -2108,9 +2103,9 @@ Mitigations for Impact:
		\| UC-IoT-2 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 11 \|
		\| UC-IoT-3 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| 0 \| 2 \| 0 \| 1 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 14 \|
		\| UC-RO-1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 2 \| 2 \| 0 \| 2 \| 0 \| 0 \| 0 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 17 \|
		\| UC-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 0 \| 2 \| 13 \|
		\| UC-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 2 \| 14 \|
		\| UC-MOB-1 \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 31 \|
		\| UC-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 15 \|
		\| UC-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 16 \|
		\| UC-PC-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 26 \|
		\| UC-PC-2 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 1 \| 2 \| 26 \|
		\| UC-LA-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 1 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 28 \|
		@@ -2137,9 +2132,9 @@ Security profiles are associated with sets of risk factor levels. Each security
		\| SP-IoT-2 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 11 \|
		\| SP-IoT-3 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| 0 \| 2 \| 0 \| 1 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 14 \|
		\| SP-RO-1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 2 \| 2 \| 0 \| 2 \| 0 \| 0 \| 0 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 17 \|
		\| SP-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 0 \| 2 \| 13 \|
		\| SP-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 2 \| 14 \|
		\| SP-MOB-1 \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 31 \|
		\| SP-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 15 \|
		\| SP-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 16 \|
		\| SP-PC-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 26 \|
		\| SP-PC-2 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 1 \| 2 \| 26 \|
		\| SP-LA-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 1 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 28 \|
		@@ -2169,9 +2164,9 @@ Security assurance levels are informed by but not determined by the risk factor
		\| SP-IoT-2 \| Internet-enabled power switch \| 11 \| MED \|
		\| SP-IoT-3 \| Internet-connected "smart home" device \| 14 \| MED \|
		\| SP-RO-1 \| Consumer-grade home wireless router \| 17 \| MED \|
		\| SP-OT-1 \| Business-grade remote door locking system \| 13 \| MED \|
		\| SP-OT-1 \| Business-grade remote door locking system \| 14 \| MED \|
		\| SP-MOB-1 \| Personal mobile device \| 31 \| HIGH \|
		\| SP-WE-1 \| Wearable health tracker \| 15 \| MED \|
		\| SP-WE-1 \| Wearable health tracker \| 16 \| MED \|
		\| SP-PC-1 \| Personal computer in a fixed and generally safe location \| 26 \| MED \|
		\| SP-PC-2 \| Enterprise workstation in a fixed and generally safe location \| 26 \| MED \|
		\| SP-LA-1 \| Personal laptop \| 28 \| HIGH \|

Original line number	Diff line number	Diff line
		@@ -1019,6 +1019,7 @@ The product shall implement appropriate mitigations to minimize impact on other

		Editor's Note: We hope that there will be additional contributions to this section in the future.


		#### 5.2.7.2 MI-MDOC: Document transfer of risk of minimizing impact to operating environment

		The product shall be accompanied by documentation informing the user of the transfer of risk for minimizing impact on other devices and services.
		@@ -1808,42 +1809,42 @@ Attacker may use unknown exploitable vulnerabilities in the product implementati
		\| max(NUSR, CUSR, DATA, PHYS, FNET) = 2 & SA-HIGH \| High \| MOB-1, LA-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| WE-2, RO-1, IoT-3, WE-1, PC-\, LA-1, PS-1, OT-1, MOB-1, LA-2, SE-\ \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: SSDD, MSAF, LMII, LMAS, DMIN, LOGG
		Requirements that mitigate this threat: SSDD, SDEF, MSAF, LMII, LMAS, LOGG

		Mitigations for Likelihood:

		* Medium to Low: SSCA, SCFS, MMAC, ADEF

		* High to Low: SSCA, MMAC, (FZ95 or BTIN or IMSL), SCFS, ASLR, MSAF-\, MZRO-\, MRWX-\*, NKAM, PLLC, MRCO, ADEF, DJST, JSTY
		* High to Low: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\, MZRO-\, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY

		Mitigations for Impact:

		* Medium to Low: LOGG

		* High to Low: DJST, LOGG
		* High to Low: LOGG

		### C.4.4 TH-KEVU: Known exploitable vulnerabilities

		Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.

		\| Risk factors \| Likelihood \| Security profiles \|
		\|----------------------\|------------\|---------------------------------------------------------\|
		\|----------------------\|------------\|------------------------------------------------------------\|
		\| ADMN = 0 or SUPP = 0 \| Low \| LR, IoT-1 \|
		\| all others \| Medium \| IoT-2, IoT-3, WE-1, RO-1, OT-1, PC-2, LA-2, PS-1, SE-\* \|
		\| ADMN = 2 & SUPP = 2 \| High \| MOB-1, PC-1, LA-1 \|
		\| all others \| Medium \| WE-1 \|
		\| ADMN = 2 & SUPP = 2 \| High \| IoT-2, IoT-3, RO-1, OT-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, WE-2, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: NKEV, SSDD, MSAF, LMII, SCUD, LMAS, DMIN, AVAI, LOGG, VULH
		Requirements that mitigate this threat: NKEV, SSDD, SDEF, MSAF, LMII, LMAS, LOGG

		All mitigations from TH-UEVU apply (using that requirement's risk formula), in addition to:

		@@ -1853,12 +1854,6 @@ Mitigations for Likelihood:

		* High to Low: KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH

		Mitigations for Impact:

		* Medium to Low: WDOG

		* High to Low: WDOG

		### C.4.5 TH-UAPP: Unauthorized access to product assets via unprotected physical interfaces in default configuration

		Attacker may use unprotected debug or management interfaces to get unauthorized access to product assets via physical access in the default configuration of the product.
		@@ -1960,10 +1955,10 @@ Attacker may use network access to get unauthorized access to confidential data
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\|--------------\|--------\|----------------------------------------------\|
		\| SNDT = 0 \| Low \| LR, IoT-1 \|
		\| SNDT = 1 \| Medium \| IoT-2, IoT-3, OT-1, WE-1 \|
		\| SNDT = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|
		\| SNDT = 1 \| Medium \| IoT-2, IoT-3, OT-1 \|
		\| SNDT = 2 \| High \| WE-1, RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: CDTX, DMIN

		@@ -1984,15 +1979,15 @@ Mitigations for Impact:
		Attacker may use user or network access for a denial-of-service attack on product functions.

		\| Risk factors \| Likelihood \| \|
		\|---------------------------\|------------\|---------------------------------------------\|
		\| max(NUSR, CUSR, FNET) = 0 \| Low \| LR, IoT-\*, \|
		\| max(NUSR, CUSR, FNET) = 1 \| Medium \| OT-1, MOB-1, WE-1, PC-\, LA-\, SE-1, SE-2 \|
		\|---------------------------\|------------\|-----------------------------------------------------------\|
		\| max(NUSR, CUSR, FNET) = 0 \| Low \| LR, IoT-1 \|
		\| max(NUSR, CUSR, FNET) = 1 \| Medium \| IoT-2, IoT-3, OT-1, MOB-1, WE-1, PC-\, LA-\, SE-1, SE-2 \|
		\| max(NUSR, CUSR, FNET) = 2 \| High \| RO-1, PS-1, SE-3 \|

		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|--------------------------------------\|
		\| SENF = 0 \| Low \| LR, IoT-1, IoT-2 \|
		\| SENF = 1 \| Medium \| IoT-3, WE-1, PC-1, LA-1, PS-1 \|
		\| SENF = 0 \| Low \| LR, IoT-1, IoT-2, WE-1 \|
		\| SENF = 1 \| Medium \| IoT-3, PC-1, LA-1, PS-1 \|
		\| SENF = 2 \| High \| RO-1, OT-1, MOB-1, PC-2, LA-2, SE-\* \|

		Requirements that mitigate this threat: AUTH, AVAI, LMII, LOGG, VULH
		@@ -2007,7 +2002,7 @@ Mitigations for Impact:

		* Medium to Low: LMEM, LOGG

		* High to Low: AVNT, WDOG, FDRP, LMEM, FAIR, LOGG
		* High to Low: AUTH, AVNT, FDRP, LMEM, FAIR, LOGG

		### C.4.11 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions

		@@ -2024,10 +2019,10 @@ Guidance: Traffic amplication attacks and other misuses of product functions are
		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\| TNET = 0 \| Low \| LR, IoT-1 \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\* \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: NKEV, SSDD, MSAF, LMII, MINI, SCUD, LMAS, DMIN, AVAI, LOGG, VULH
		Requirements that mitigate this threat: NKEV, SSDD, SDEF, MSAF, LMII, MINI, LMAS, LOGG

		All mitigations from TH-KEVU apply (using that requirement's risk formula), plus:

		@@ -2041,17 +2036,17 @@ Mitigations for Impact:

		Attacker may masquerade as an authorized server to get unauthorized access to product assets.

		\| Risk factors \| Likelihood \| Security profiles \|
		\|--------------\|------------\|----------------------------------\|
		\| Risk factors \| Impact \| Security profiles \|
		\|--------------\|--------\|----------------------------------------\|
		\| TNET = 0 \| Low \| LR, IoT-1 \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, RO-1, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| MOB-1, PC-\, LA-\, PS-1, SE-\* \|
		\| TNET = 1 \| Medium \| IoT-2, IoT-3, OT-\*, WE-1 \|
		\| TNET = 2 \| High \| RO-1, MOB-1, PC-\, LA-\, PS-1, SE-\* \|

		\| Risk factors \| Impact \| Security profiles \|
		\|---------------------------------\|--------\|----------------------------------------------------------\|
		\| max(PPII, SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(PPII, SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(PPII, SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, WE-2, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|
		\|---------------------------\|--------\|----------------------------------------------------\|
		\| max(SNDS, SNDT, SENF) = 0 \| Low \| LR, IoT-1 \|
		\| max(SNDS, SNDT, SENF) = 1 \| Medium \| IoT-2, IoT-3 \|
		\| max(SNDS, SNDT, SENF) = 2 \| High \| RO-1, OT-1, MOB-1, WE-1, PC-\, LA-\, PS-1, SE-\* \|

		Requirements that mitigate this threat: CDTX, CRYP, IDTX, AUTH, LOGG

		@@ -2108,9 +2103,9 @@ Mitigations for Impact:
		\| UC-IoT-2 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 11 \|
		\| UC-IoT-3 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| 0 \| 2 \| 0 \| 1 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 14 \|
		\| UC-RO-1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 2 \| 2 \| 0 \| 2 \| 0 \| 0 \| 0 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 17 \|
		\| UC-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 0 \| 2 \| 13 \|
		\| UC-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 2 \| 14 \|
		\| UC-MOB-1 \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 31 \|
		\| UC-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 15 \|
		\| UC-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 16 \|
		\| UC-PC-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 26 \|
		\| UC-PC-2 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 1 \| 2 \| 26 \|
		\| UC-LA-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 1 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 28 \|
		@@ -2137,9 +2132,9 @@ Security profiles are associated with sets of risk factor levels. Each security
		\| SP-IoT-2 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 0 \| 0 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 11 \|
		\| SP-IoT-3 \| 0 \| 0 \| 1 \| 0 \| 1 \| 1 \| 1 \| 0 \| 2 \| 0 \| 1 \| 0 \| 0 \| 1 \| 1 \| 1 \| 2 \| 2 \| 14 \|
		\| SP-RO-1 \| 0 \| 0 \| 1 \| 0 \| 1 \| 2 \| 2 \| 0 \| 2 \| 0 \| 0 \| 0 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 17 \|
		\| SP-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 0 \| 2 \| 13 \|
		\| SP-OT-1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 1 \| 0 \| 0 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 2 \| 14 \|
		\| SP-MOB-1 \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 2 \| 0 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 31 \|
		\| SP-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 15 \|
		\| SP-WE-1 \| 0 \| 0 \| 1 \| 1 \| 2 \| 2 \| 0 \| 1 \| 2 \| 1 \| 0 \| 1 \| 0 \| 1 \| 0 \| 1 \| 2 \| 1 \| 16 \|
		\| SP-PC-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 26 \|
		\| SP-PC-2 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 2 \| 0 \| 2 \| 0 \| 2 \| 2 \| 1 \| 2 \| 1 \| 2 \| 1 \| 2 \| 26 \|
		\| SP-LA-1 \| 1 \| 1 \| 2 \| 1 \| 2 \| 2 \| 1 \| 1 \| 2 \| 1 \| 1 \| 2 \| 2 \| 2 \| 1 \| 2 \| 2 \| 2 \| 28 \|
		@@ -2169,9 +2164,9 @@ Security assurance levels are informed by but not determined by the risk factor
		\| SP-IoT-2 \| Internet-enabled power switch \| 11 \| MED \|
		\| SP-IoT-3 \| Internet-connected "smart home" device \| 14 \| MED \|
		\| SP-RO-1 \| Consumer-grade home wireless router \| 17 \| MED \|
		\| SP-OT-1 \| Business-grade remote door locking system \| 13 \| MED \|
		\| SP-OT-1 \| Business-grade remote door locking system \| 14 \| MED \|
		\| SP-MOB-1 \| Personal mobile device \| 31 \| HIGH \|
		\| SP-WE-1 \| Wearable health tracker \| 15 \| MED \|
		\| SP-WE-1 \| Wearable health tracker \| 16 \| MED \|
		\| SP-PC-1 \| Personal computer in a fixed and generally safe location \| 26 \| MED \|
		\| SP-PC-2 \| Enterprise workstation in a fixed and generally safe location \| 26 \| MED \|
		\| SP-LA-1 \| Personal laptop \| 28 \| HIGH \|