@@ -474,13 +474,30 @@ _The following use cases are provided to assist manufacturers in selecting risk
* connections are proxied by a trusted device, such as a mobile phone
* is not exposed to the internet
* UC-ST-1 Stateless multi-user terminal
* effectively a keyboard, mouse, and display connected to remote server
* multiple users, one user at a time
* no local data or session storage
* connects to trusted local network protected by firewall
* potentially available to public
* professional administration
* UC-PC-1 A personal computer in a fixed and generally safe location
* hardware, software and operating system may be configured and modified by the end-user
* the user may not be either highly skilled or an authorized representative of the manufacturer
* foreseeably connects to the internet and to low-trust local networks, but is not reachable from the open internet
* stores personal information and arbitrary files
* UC-PC-2 A personal laptop
* UC-PC-2 An enterprise workstation in a fixed and generally safe location
* installed in an access-controlled workspace
* serviced by trained professionals who may modify both software and hardware
* connected to the internet with external mitigations, such as enterprise-grade firewalls
* connects to trusted local networks
* hardware likely contains tamper-evident indicators and secure elements for cryptographic storage
* used for web browsing
* stores business data, personal information and arbitrary files
* UC-LA-1 A personal laptop
* hardware, software and operating system may be configured and modified by the end-user
* device is a foreseeable target of theft and tampering by untrusted 3rd parties
* stores personal information and arbitrary files
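Review bot: the identifier UC-PC-2 is assigned twice in this hunk, once to "A personal laptop" (a bare line with no attribute bullets) and once to "An enterprise workstation in a fixed and generally safe location", while the personal laptop is already coded as UC-LA-1 with its own attributes further down; if the "UC-PC-2 A personal laptop" line is meant to survive this change, drop it so that each UC-* identifier names exactly one use case, otherwise rows in the mapping table cannot reference it unambiguously.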
@@ -488,53 +505,50 @@ _The following use cases are provided to assist manufacturers in selecting risk
* is frequently connected to untrusted networks
* hardware likely contains tamper-evident indicators and secure elements for cryptographic storage
* UC-SE-1 An enterprise server in a datacenter with only trusted user accounts
* UC-LA-2 Enterprise laptop
* hardware, software and operating system may be configured and modified by the end-user
* serviced by trained professionals who may modify both software and hardware
* device is a foreseeable target of theft and tampering by untrusted 3rd parties
* stores business data, personal information and arbitrary files
* unrestricted connection to the internet
* is frequently connected to untrusted networks
* hardware likely contains tamper-evident indicators and secure elements for cryptographic storage
* UC-PS-1 Personal server
* one or a small number of trusted users
* installed in a fixed location at home or in a cohosting facility
* connected to the internet with a firewall
* connects to trusted local network
* limited access permitted from the internet for specific services
* semi-professional semi-automated management by one or a few people
* always stationary, access to hardware interfaces unlikely
* UC-SE-1 An enterprise server in a datacenter with no user accounts
* installed in a monitored and secured facility
* serviced by trained professionals who may modify both software and hardware
* connected to the internet with external mitigations, such as enterprise-grade firewalls
* connects to trusted local networks
* hardware likely contains tamper-evident indicators and secure elements for cryptographic storage
* UC-SE-2 An enterprise server in a datacenter hosting many untrusted user accounts
* Same as UC-SE-1 but with more untrusted users
Remaining use cases to code:
1. Stateless multi-user terminal
* Multi-user system
* Handles different workloads of different users
* No local data or session storage
* Highly network dependent (likely company network with firewall)
1. Enterprise work station (stationary)
* Effectively single user (unless shared, but then more likely to be a "stateless terminal"?)
* Connected to enterprise network with firewall
* Web browsing and office applications
* Managed by the enterprise's IT department
* Transmits and stores business-critical data
* System failure can cause monetary loss (if no proper BCM)
* Always stationary (and supervised), access to hardware interfaces unlikely
1. Personal server
* Usually single account, may give accounts to small trusted circle
* Not exposed to the public
* Behind a firewall
* Access from anywhere via the internet possible (depending on services running)
* Semi-professional semi-automated management by one or a few people
* Always stationary, access to hardware interfaces unlikely
1. Enterprise laptop
* Single account, single user
* Connected to enterprise network with firewall, potentially via VPN
* Web browsing and office applications
* Managed by the enterprise's IT dep. (perhaps with Mobile Device Management)
* Transmits and stores business-critical data
* System failure can cause monetary loss (if no proper BCM)
1. Enterprise multi-user server, internal access only
* Multiple accounts each with a trusted user
* Users may install software into personal directories
* Behind professionally managed firewall
* Automated management and monitoring by IT professionals
* Processes sensitive data
1. Firewalls
* UC-SE-2 An enterprise server in a datacenter with only trusted user accounts
* Same as UC-SE-2 but with trusted users
* UC-SE-3 An enterprise server in a datacenter hosting many untrusted user accounts
* Same as UC-SE-2 but with untrusted users
* UC-IF-1 Internet infrastructure on private network
* UC-IF-2 Internet infrastructure on filtered network
* UC-IF-3 Internet infrastructure on open internet
* UC-FI-1 Firewall for personal network
* UC-FI-2 Firewall for enterprise network
TBD:
* Other use cases for special purpose operating systems
## 4.5 Risk factors
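Review bot: the UC-SE numbering is inconsistent within this hunk: UC-SE-1 appears both as "with only trusted user accounts" and as "with no user accounts", UC-SE-2 appears both as "hosting many untrusted user accounts" and "with only trusted user accounts", and the bullet under the second UC-SE-2 reads "Same as UC-SE-2 but with trusted users", which is self-referential; settle on one scheme (for example UC-SE-1 no accounts, UC-SE-2 trusted accounts, UC-SE-3 untrusted accounts) and point each "Same as" bullet at the preceding identifier. The "Remaining use cases to code" list still carries the stateless terminal, enterprise workstation, personal server and enterprise laptop, all of which now have coded UC-* entries above, so it should shrink to what is genuinely uncoded; conversely, the new UC-IF-1..3 and UC-FI-1/2 entries and the "Firewalls" item have no attribute bullets at all, so they cannot yet be mapped to the risk factors (the attributes under "Enterprise multi-user server, internal access only" look like the intended seed for the trusted-accounts server entry).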
@@ -636,6 +650,7 @@ FIXME add SENS
* FNET-0: foreseeable use is limited to trusted and private networks
* FNET-1: foreseeable use includes untrusted local networks but not the open internet
* FNET-2: foreseeable use includes being connected directly to the open internet
* FNET-3: foreseeable use includes being a firewall connected directly to the open internet
#### 4.5.1.12 Configurability
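Review bot: FNET-3 "being a firewall connected directly to the open internet" mixes the device's role into what FNET-0..2 define as an exposure scale (which networks the device foreseeably connects to); a firewall faces the open internet exactly as an FNET-2 device does, and what differs is that it is the external mitigation other use cases rely on ("connected to the internet with external mitigations, such as enterprise-grade firewalls"). Either keep FNET as pure exposure and record the firewall role on the UC-FI-1/2 use cases themselves, or state why FNET-3 is strictly more exposed than FNET-2 so that it does not distort the TOTAL column of the mapping table.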
@@ -647,6 +662,8 @@ FIXME add SENS
### 4.5.1 Mapping of use cases to risk factors
**NOTE:** The "TOTAL" field is not intended for for any actual use. It is only a general guide to help us understand if our risk factor encoding is accurately representing the overall risk associated with each use case.
| Use Case | NUSR | CUSR | DATA | SENS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
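Review bot: the heading "### 4.5.1 Mapping of use cases to risk factors" reuses the number 4.5.1 while the individual risk factors are already numbered 4.5.1.x (the previous hunk ends with "#### 4.5.1.12 Configurability"), so this section should be 4.5.2; the NOTE line has a doubled word ("for for any actual use"); and the table header introduces a SENS column even though the hunk context still reads "FIXME add SENS", so SENS should be defined among the risk factors before rows are filled in, or the column flagged as pending.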