Commit 0a7722ce authored by Valerie Aurora (Bow Shock)

Remove hostile hardware/admin, add admin quality

parent a3f14242
+4 −28
@@ -720,34 +720,11 @@ FIXME update RF/UC chart for RF-SOFT


#### 4.5.1.13 Administration
#### 4.5.1.13 Administration


FIXME distinguish between user and admin
**[RF-ADMN]:** Manufacturers of operating systems which require a privileged administrator role to perform their functions shall document the expected level of administrative skill and availability and implement appropriate safeguards based on the expected level associated with the foreseeable use of the operating system.


#### 4.5.1.14 Sophistication of purchaser
* ADMN-0: no administration is necessary

* ADMN-1: foreseeable use of the operating system includes skilled administration available on call.
If the purchaser is an OEM or integrator then they are super sophisticated and you can tell them how to use the OS.
* ADMN-2: foreseeable use of the operating system includes unskilled or no administration.

FIXME right risk factor?

#### 4.5.1.15 Trustworthiness of platform

* PLAT-0: The entire platform is assumed to be trustworthy.
* PLAT-1: The platform provides methods to check for corruption or malfunction in itself.
* PLAT-2: The platform provides methods to use a trusted part of the platform to authenticate and verify other parts of the platform and the software running on it.
* PLAT-3: The platform only trusts a subset of the platform and all other parts are considered actively hostile at all times.

#### 4.5.1.16 Trustworthiness of administrator

* ADMN-0: No administration is possible.
* ADMN-1: The administrator is assumed to be trustworthy and competent.
* ADMN-2: The administrator is assumed the trustworthy but not competent and the OS must protect against accidental misconfiguration.
* ADMN-3: The administrator is assumed to be actively hostile and the OS must protect against intentional misconfiguration.

#### 4.5.1.16 Trustworthiness of unprivileged user

 * [A-PU-L-0]: No users.
 * [A-PU-L-1]: The user is assumed to be trustworthy and competent
 * [A-PU-L-2]: The user is assumed to be trustworthy but not competent and the OS must protect against accidental misconfiguration.
 * [A-PU-L-3]: The user is assumed to be actively hostile and the OS must protect against intentional misconfiguration.


### 4.5.2 Mapping of Use Cases to Risk Factors
### 4.5.2 Mapping of Use Cases to Risk Factors


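Review bot: in the new RF-ADMN list, ADMN-0 ("no administration is necessary") and ADMN-2 ("unskilled or no administration") both cover the case where nobody administers the system, so the same product can land in either level. Suggest rewording ADMN-2 so that it only covers systems that need administration but foreseeably get unskilled or absent administrators, and adding the trailing period to ADMN-0 to match the other two items. The hunk also deletes the [A-PU-L-*] unprivileged user levels, the "Sophistication of purchaser" section and the "FIXME distinguish between user and admin" marker, none of which the commit message ("Remove hostile hardware/admin, add admin quality") mentions; either say so in the message or leave a FIXME where the user/admin distinction is still open. Since section 4.5.2 maps use cases to risk factors, check that it no longer refers to PLAT-* or the old ADMN-3 level.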
@@ -785,7 +762,6 @@ Potential additional risk factors:


* Is audit/logging being watched?
* Is audit/logging being watched?
* Web browsing or not
* Web browsing or not
* Sensitivy of data collected or transferred
* Sensitivity of functions
* Sensitivity of functions
* Running on bare metal vs. hypervisor
* Running on bare metal vs. hypervisor
* Many devices have multiple OS's for elements
* Many devices have multiple OS's for elements
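Review bot: the deletion of "Sensitivy of data collected or transferred" from the potential additional risk factors is not explained by the commit message, which only covers hostile hardware/admin and admin quality. If data sensitivity is now covered by an existing risk factor, name it in the commit message; if not, keep the bullet and fix the spelling to "Sensitivity" rather than dropping it, since the neighbouring "Sensitivity of functions" bullet stays in the list.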