Commit 0573f2ab authored by Valerie Aurora (Bow Shock)

Add physical access case to PDDI and update PHYS risk factor

parent c061c847
@@ -1081,11 +1081,21 @@ All debug and management interfaces on the product shall be documented, and the
  * Verdict: All debug/management interfaces are documented as to how to disable or protect them, and no interfaces are accessible without authorization after following the documentation to protect or disable them => PASS, otherwise => FAIL
  * Evidence: Pictures of the product, list of discovered interfaces, comparison with documentation, notes as to which are documented how to disable/protect, logs of protect/disable actions, logs of attempts to access interfaces after protected or disabled

#### 5.2.8.4 MI-PDDI-2: Protect or disable local software access to debug and management interfaces
#### 5.2.8.4 MI-PDDI-2: Protect or disable physical access to debug and management interfaces

All debug and management interfaces which can be accessed by an agent with physical access to the device the product is installed on shall be protected or disabled by default, unless necessary for backward compatibility. Documentation regarding the removal of such protections by an appropriately sophisticated user may be provided, and shall include information regarding the risks.

  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Examine the documentation of the network- and localhost-accessible interfaces of the product and follow the instructions to mitigate the risk of any necessary unprotected or enabled interfaces
  * Activities: As an unprivileged process running on the system, attempt to access the system's local debug and management interfaces and make unauthorized changes. Additionally, scan accessible memory and inter-process-communication mechanisms for undocumented debug and management interfaces.
  * Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of attempts to access

#### 5.2.8.4 MI-PDDI-3: Protect or disable local software access to debug and management interfaces

All debug and management interfaces which can be accessed by processes running on the system shall be protected or disabled by default, unless necessary for backward compatibility. Documentation regarding the removal of such protections by an appropriately sophisticated user may be provided, and shall include information regarding the risks.

  * Applicability: This mitigation is for products where the system software may be accessed by an untrusted users or processes. This includes products that execute code from untrusted sources or access untrusted network data, for example when browsing the web.
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Examine the documentation of the network- and localhost-accessible interfaces of the product and follow the instructions to mitigate the risk of any necessary unprotected or enabled interfaces
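Review bot: the Preparation and Activities of the new MI-PDDI-2 (physical access) are carried over from the local-software case and do not match the requirement text above them: Preparation still reads "Examine the documentation of the network- and localhost-accessible interfaces", and Activities still opens "As an unprivileged process running on the system ... scan accessible memory and inter-process-communication mechanisms", none of which concerns an agent with physical access to the device. Suggest rewording both to the physical case (documentation of the physically exposed interfaces, assessor access through the device exterior and board rather than as a local process) and adding an Applicability line keyed to the PHYS risk factor, as MI-PDDI-3 and MI-PDDI-4 carry one. Two smaller points: MI-PDDI-2 and MI-PDDI-3 both carry the heading number 5.2.8.4 while MI-PDDI-4 is 5.2.8.5, so the sections need renumbering after the insertion; and the MI-PDDI-3 Applicability line has "an untrusted users or processes", which should be "untrusted users or processes".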
@@ -1093,11 +1103,10 @@ All debug and management interfaces which can be accessed by processes running o
  * Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
  * Evidence: List of interfaces, log of attempts to access

#### 5.2.8.5 MI-PDDI-3: Protect or disable network access to debug or management interfaces
#### 5.2.8.5 MI-PDDI-4: Protect or disable network access to debug or management interfaces

All debug and management interfaces accessible via the network shall be protected or disabled by default, unless necessary for backward compatibility. Documentation regarding the removal of such protections by an appropriately sophisticated user may be provided, and shall include information regarding the risks.

  * Applicability: Use cases that include foreseeable network access from untrusted sources.
  * Reference: TR-SDEF
  * Objective: Secure by default
  * Preparation: Examine the documentation of the network accessible interfaces of the product and follow the instructions to mitigate the risk of any necessary unprotected or enabled interfaces
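Review bot: renaming this requirement from MI-PDDI-3 to MI-PDDI-4 changes what the identifier MI-PDDI-3 refers to (it is now the local-software case), so any cross-reference to MI-PDDI-3 elsewhere in the document or in evidence templates will silently point at the wrong requirement; please grep for MI-PDDI-3 and update the references in the same commit. The heading number 5.2.8.5 should also move along with the renumbering caused by the inserted section.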
@@ -1668,9 +1677,9 @@ Sensitivity of functions of device, as measured by impact of loss of its integri

Exposure of the device to physical access by users.

* PHYS-0: foreseeable use is only in environments with authorized users
* PHYS-1: foreseeable use includes incidental exposure to untrusted users
* PHYS-2: foreseeable use is primarily by untrusted users, e.g. the general public
* PHYS-0: foreseeable use is only in environments without physical exposure to untrusted users
* PHYS-1: foreseeable use includes incidental physical exposure to untrusted users
* PHYS-2: foreseeable use includes regular physical exposure to untrusted users

### C.2.9 RF-UEIN: Processing of Untrusted External Inputs

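Review bot: the redefined PHYS levels now separate PHYS-1 from PHYS-2 only by "incidental" versus "regular" exposure, with no criterion or example to place a device consistently; the old PHYS-2 at least carried "e.g. the general public". Suggest restoring a short example per level (for instance, a device in a private home versus one deployed in a shared or public space) so that two assessors reach the same level. The introductory sentence "Exposure of the device to physical access by users." could also say "untrusted users", which is what the new levels actually measure.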
@@ -2039,12 +2048,12 @@ Mitigations for Impact:
| Use case     | NUSR | CUSR | DATA | PPII | SNDS | SNDT | SENF | PHYS | UEIN | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | ADMN | SUPP | TOTAL |
|--------------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|-------|
| **UC-LR**    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **UC-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **UC-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 12    |
| **UC-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 15    |
| **UC-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 1    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 18    |
| **UC-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 2     |
| **UC-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 11    |
| **UC-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 0    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 14    |
| **UC-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **UC-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **UC-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 30    |
| **UC-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 0    | 0    | 2    | 1    | 13    |
| **UC-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **UC-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 1    | 2    | 25    |
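Review bot: the arithmetic checks out (each PHYS change is reflected in the TOTAL column: UC-IoT-1 3→2, UC-IoT-2 12→11, UC-IoT-3 15→14, UC-RO-1 18→17, UC-MOB-1 30→31), but the assignments deserve a sentence of justification: the home devices UC-IoT-1 through UC-RO-1 drop to PHYS-0 ("no physical exposure to untrusted users") while UC-WE-1, a wearable, stays at PHYS-1 and UC-OT-1 stays at PHYS-2. Under the new definitions it is not obvious why a home router or smart-home device has no incidental exposure (visitors, shared housing) when a wearable does; a note on the intended reading of "untrusted users" in the home setting would make the table reproducible.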
@@ -2068,12 +2077,12 @@ Security profiles are associated with sets of risk factor levels. Each security
| Sec. Prof.   | NUSR | CUSR | DATA | PPII | SNDS | SNDT | SENF | PHYS | UEIN | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | ADMN | SUPP | TOTAL |
|--------------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|-------|
| **SP-LR**    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **SP-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **SP-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 12    |
| **SP-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 15    |
| **SP-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 1    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 18    |
| **SP-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 2     |
| **SP-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 11    |
| **SP-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 0    | 2    | 0    | 1    | 0    | 0    | 1    | 1    | 1    | 2    | 2    | 14    |
| **SP-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **SP-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **SP-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 30    |
| **SP-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 0    | 0    | 2    | 1    | 13    |
| **SP-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **SP-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 1    | 2    | 25    |
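Review bot: these rows are an exact copy of the use-case table in the hunk above (verified cell by cell, including the updated totals), and they have now had to be edited twice in lock-step for a single risk-factor change. If the security profiles are defined as inheriting their risk factor levels from the corresponding use cases, consider stating that once and dropping the duplicate numbers, or generating this table from the other, so the two cannot drift apart on the next edit.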
@@ -2100,12 +2109,12 @@ Security assurance levels are informed by but not determined by the risk factor
| Security profile | Description                                                            | RF total | SAL  |
|------------------|------------------------------------------------------------------------|----------|------|
| **SP-LR**        | Operating system for learning and research                             | 0        | LOW  |
| **SP-IoT-1**     | Non-internet-connected device such as a bluetooth speaker              | 3        | LOW  |
| **SP-IoT-2**     | Internet-enabled power switch                                          | 12       | MED  |
| **SP-IoT-3**     | Internet-connected "smart home" device                                 | 15       | MED  |
| **SP-RO-1**      | Consumer-grade home wireless router                                    | 18       | MED  |
| **SP-IoT-1**     | Non-internet-connected device such as a bluetooth speaker              | 2        | LOW  |
| **SP-IoT-2**     | Internet-enabled power switch                                          | 11       | MED  |
| **SP-IoT-3**     | Internet-connected "smart home" device                                 | 14       | MED  |
| **SP-RO-1**      | Consumer-grade home wireless router                                    | 17       | MED  |
| **SP-OT-1**      | Business-grade remote door locking system                              | 12       | MED  |
| **SP-MOB-1**     | Personal mobile device                                                 | 30       | HIGH |
| **SP-MOB-1**     | Personal mobile device                                                 | 31       | HIGH |
| **SP-WE-1**      | Wearable health tracker                                                | 13       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 25       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 25       | MED  |