Commit 0a7722ce authored by Valerie Aurora (Bow Shock)

Remove hostile hardware/admin, add admin quality

parent a3f14242
+4 −28
@@ -720,34 +720,11 @@ FIXME update RF/UC chart for RF-SOFT

#### 4.5.1.13 Administration

FIXME distinguish between user and admin
**[RF-ADMN]:** Manufacturers of operating systems which require a privileged administrator role to perform their functions shall document the expected level of administrative skill and availability and implement appropriate safeguards based on the expected level associated with the foreseeable use of the operating system.

#### 4.5.1.14 Sophistication of purchaser

If the purchaser is an OEM or integrator then they are super sophisticated and you can tell them how to use the OS.

FIXME right risk factor?

#### 4.5.1.15 Trustworthiness of platform

* PLAT-0: The entire platform is assumed to be trustworthy.
* PLAT-1: The platform provides methods to check for corruption or malfunction in itself.
* PLAT-2: The platform provides methods to use a trusted part of the platform to authenticate and verify other parts of the platform and the software running on it.
* PLAT-3: The platform only trusts a subset of the platform and all other parts are considered actively hostile at all times.

#### 4.5.1.16 Trustworthiness of administrator

* ADMN-0: No administration is possible.
* ADMN-1: The administrator is assumed to be trustworthy and competent.
* ADMN-2: The administrator is assumed the trustworthy but not competent and the OS must protect against accidental misconfiguration.
* ADMN-3: The administrator is assumed to be actively hostile and the OS must protect against intentional misconfiguration.

#### 4.5.1.16 Trustworthiness of unprivileged user

 * [A-PU-L-0]: No users.
 * [A-PU-L-1]: The user is assumed to be trustworthy and competent
 * [A-PU-L-2]: The user is assumed to be trustworthy but not competent and the OS must protect against accidental misconfiguration.
 * [A-PU-L-3]: The user is assumed to be actively hostile and the OS must protect against intentional misconfiguration.
* ADMN-0: no administration is necessary
* ADMN-1: foreseeable use of the operating system includes skilled administration available on call.
* ADMN-2: foreseeable use of the operating system includes unskilled or no administration.

### 4.5.2 Mapping of Use Cases to Risk Factors
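
Review bot: The ADMN-0 to ADMN-2 list that now closes 4.5.1.13 folds into one scale the two things RF-ADMN asks manufacturers to document, "administrative skill and availability". ADMN-1 covers only skilled administration that is on call, ADMN-2 covers "unskilled or no administration", and no level fits a skilled administrator who is not on call or an unskilled one who is. Either split the factor into a skill level and an availability level, or say which level those cases fall under. ADMN-2's "no administration" also sits very close to ADMN-0's "no administration is necessary"; spell out that ADMN-0 means the OS needs none, while ADMN-2 means it needs administration and may not get it. Going by the +4 −28 count, sections 4.5.1.14 to 4.5.1.16 are dropped here, so check that 4.5.2 "Mapping of Use Cases to Risk Factors" no longer refers to PLAT-*, ADMN-3 or A-PU-L-* identifiers, and state whether an intentionally hostile administrator is now out of scope or covered by another risk factor. Style: ADMN-0 is missing the full stop the other two items have, and the RF-ADMN sentence uses "expected level" twice.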

@@ -785,7 +762,6 @@ Potential additional risk factors:

* Is audit/logging being watched?
* Web browsing or not
* Sensitivy of data collected or transferred
* Sensitivity of functions
* Running on bare metal vs. hypervisor
* Many devices have multiple OS's for elements
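
Review bot: "Sensitivy" in the bullet "Sensitivy of data collected or transferred" is a typo for "Sensitivity"; if that bullet is one this hunk keeps, fix it while the list is being touched. The hunk header (-785,7 +762,6) shows one entry leaving the "Potential additional risk factors" list, but the commit message "Remove hostile hardware/admin, add admin quality" does not say which entry or why. Add a line to the message naming the dropped factor and whether it is now covered by RF-ADMN or simply abandoned.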