Commit 22425b18 authored by Valerie Aurora (Bow Shock)

Refactor data risk factors into sensitivity of stored and transmitted

parent 44116ef6
+30 −29
@@ -684,22 +684,23 @@ FIXME add the separate concept of users apart from accounts
* CUSR-3: foreseeable use of the operating system is multiple authenticated users simultaneously active on the operating system who are trusted not to actively attempt to compromise the system
* CUSR-3: foreseeable use of the operating system is multiple authenticated untrusted users simultaneously active on the operating system

#### 4.5.1.x Data Storage
#### 4.5.1.x Sensitivity of Data Stored

**[RF-DATA]:** What kind of data is stored by the operating system.
**[RF-SNDS]:** Sensitivity of data stored, as measured by impact of loss of its integrity, confidentiality, or availability.

* DATA-0: foreseeable use does not include storing user data
* DATA-1: foreseeable use is only to store limited user data types
* DATA-2: foreseeable use is to store arbitrary user data
* SNDS-0: foreseeable use does not include storage of sensitive data
* SNDS-1: foreseeable use includes limited storage of sensitive data
* SNDS-2: foreseeable use includes storing moderate amounts of sensitive data
* SNDS-3: foreseeable use includes storing extensive amounts of sensitive data by default

#### 4.5.1.x Sensitivity of Data
#### 4.5.1.x Sensitivity of Data Transmitted

**[RF-SEND]:** Sensitivity of data collected, as measured by impact of loss of its integrity, confidentiality, or availability.
**[RF-SNDT]:** Sensitivity of data transmitted, as measured by impact of loss of its integrity, confidentiality, or availability.

* SEND-0: foreseeable use does not include collection of sensitive data
* SEND-1: foreseeable use limits collection of sensitive data
* SEND-2: foreseeable use may collect arbitrary amounts of sensitive data
* SEND-3: foreseeable use collects extensive amounts of sensitive data by default
* SNDT-0: foreseeable use does not include transmission of sensitive data
* SNDT-1: foreseeable use includes limits transmission of sensitive data
* SNDT-2: foreseeable use includes transmission of moderate amounts of sensitive data
* SNDT-3: foreseeable use includes transmission of extensive amounts of sensitive data by default

#### 4.5.1.x Sensitivity of Functions

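Review bot: SNDT-1 reads "foreseeable use includes limits transmission of sensitive data", which does not parse and could mean either limited transmission or limits placed on transmission; word it like SNDS-1, for example "includes limited transmission of sensitive data". The new SNDS list also switches between "limited storage" (SNDS-1) and "storing moderate amounts" (SNDS-2, SNDS-3), so one phrasing across both lists would make the levels easier to compare. Both factors are defined as measured by impact of loss of integrity, confidentiality, or availability, yet every level is graded by amount (limited, moderate, extensive); a sentence on how amount maps to impact would close that gap.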
@@ -808,7 +809,7 @@ FIXME add the separate concept of users apart from accounts

FIXME needs updates

|Risk Factor | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|Risk Factor | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|------------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**Use Case**|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-LR**   |    0 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |       0 |
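Review bot: the summary table header renames SEND to SNDS but keeps the DATA column and gains no SNDT column, which does not match the first hunk, where the RF-DATA section becomes RF-SNDS and the RF-SEND section becomes RF-SNDT. If that mapping is the intent, the header should read `| NUSR | CUSR | SNDS | SNDT | PHYS | ...`; otherwise DATA needs a definition again. The same header is repeated in every use-case table further down.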
@@ -1635,7 +1636,7 @@ The product shall reset to its secure-by-default state after the secure deletion

| Risk factors | Requires mitigations |
|--------------|----------------------|
| SEND < 1     | None                 |
| SNDS < 1     | None                 |
| all others   | RSET or INST or DELE |

| Security Profile | Requires mitigations |
@@ -2067,7 +2068,7 @@ Risk Tolerances are applied to the foreseeable risks associated to each Security

Description: A non-internet-connected device such as a bluetooth speaker

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
| UC-IoT-1 |    0 |    0 |    0 |    0 |    1 |    0 |    0 |    0 |    0 |    0 |    0 |    0 |       1 |

@@ -2085,7 +2086,7 @@ Description: A non-internet-connected device such as a bluetooth speaker

Description: An internet-enabled power switch

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|UC-IoT-2  |    0 |    0 |    1 |    0 |    1 |    0 |    0 |    0 |    0 |    1 |    0 |    1 |       4 |

@@ -2103,7 +2104,7 @@ Description: An internet-enabled power switch

Description: An internet-connected "smart home" device, such as a thermostat, fridge, or alarm system

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|UC-IoT-3  |    0 |    0 |    1 |    0 |    1 |    0 |    1 |    0 |    0 |    1 |    0 |    1 |       5 |

@@ -2143,7 +2144,7 @@ Description: Stateless multi-user terminal

Description: A personal computer in a fixed and generally safe location

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|UC-PC-1   |    1 |    2 |    2 |    1 |    0 |    0 |    2 |    2 |    1 |    2 |    1 |    2 |      15 |

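Review bot: only the header changes here, so the UC-PC-1 row keeps DATA = 2 and carries the former SEND value of 1 over to SNDS, both scored against level definitions that the first hunk deletes (DATA-0 to DATA-2, SEND-0 to SEND-3). The row should be rescored against SNDS-0 to SNDS-3 and SNDT-0 to SNDT-3. Also, the twelve visible factor values add up to 16 while _TOTAL_ says 15.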
@@ -2160,7 +2161,7 @@ Description: A personal computer in a fixed and generally safe location

Description: An enterprise workstation in a fixed and generally safe location

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-PC-2**    |    1 |    2 |    2 |    1 |    0 |    0 |    2 |    2 |    1 |    2 |    1 |    1 |      14 |

@@ -2173,7 +2174,7 @@ Description: An enterprise workstation in a fixed and generally safe location

Description: A personal laptop

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-LA-1**    |    1 |    2 |    2 |    1 |    1 |    1 |    1 |    2 |    2 |    2 |    2 |    2 |      19 |

@@ -2186,7 +2187,7 @@ Description: A personal laptop

Description: Enterprise laptop

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-LA-2**    |    1 |    2 |    2 |    1 |    1 |    1 |    1 |    2 |    2 |    2 |    2 |    1 |      18 |

@@ -2199,7 +2200,7 @@ Description: Enterprise laptop

Description: Personal server

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|

* Risk Factor Score: --
@@ -2211,7 +2212,7 @@ Description: Personal server

Description: An enterprise server in a datacenter with no user accounts

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-SE-1**    |    0 |    0 |    2 |    0 |    0 |    0 |    1 |    2 |    1 |    1 |    1 |    0 |       9 |

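Review bot: the UC-SE-1 row now shows SNDS = 0 next to DATA = 2, that is, a server scored as storing arbitrary user data under the old DATA-2 level but no sensitive data under SNDS-0; confirm that 0 is the intended stored-data score once DATA is retired. The visible values sum to 8, not the 9 given in _TOTAL_.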
@@ -2224,7 +2225,7 @@ Description: An enterprise server in a datacenter with no user accounts

Description: An enterprise server in a datacenter with only trusted user accounts

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-SE-2**    |    1 |    1 |    2 |    0 |    0 |    0 |    1 |    2 |    1 |    1 |    1 |    0 |      11 |

@@ -2237,7 +2238,7 @@ Description: An enterprise server in a datacenter with only trusted user account

Description: An enterprise server in a datacenter hosting many untrusted user accounts

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-SE-3**    |    2 |    2 |    2 |    0 |    0 |    0 |    1 |    2 |    1 |    1 |    1 |    0 |      13 |

@@ -2250,7 +2251,7 @@ Description: An enterprise server in a datacenter hosting many untrusted user ac

Description: Internet infrastructure on private network

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-IF-1**    |    0 |    0 |    1 |    0 |    0 |    0 |    1 |    0 |    0 |    1 |    0 |    2 |       5 |

@@ -2263,7 +2264,7 @@ Description: Internet infrastructure on private network

Description: Internet infrastructure on filtered network

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-IF-2**    |    0 |    0 |    1 |    0 |    0 |    0 |    1 |    0 |    0 |    2 |    1 |    1 |       5 |

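Review bot: _TOTAL_ for UC-IF-2 is 5, but the row values (DATA 1, HWMD 1, TNET 2, FNET 1, CONF 1) add up to 6; since this table is being edited anyway, correct the total or the individual scores here.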
@@ -2276,7 +2277,7 @@ Description: Internet infrastructure on filtered network

Description: Internet infrastructure on open internet

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-IF-3**    |    0 |    0 |    1 |    0 |    0 |    0 |    1 |    0 |    0 |    3 |    2 |    1 |       8 |

@@ -2289,7 +2290,7 @@ Description: Internet infrastructure on open internet

Description: Firewall for personal network

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-FI-1**    |    0 |    0 |    1 |    0 |    0 |    0 |    1 |    0 |    0 |    3 |    1 |    2 |       8 |

@@ -2302,7 +2303,7 @@ Description: Firewall for personal network

Description: Firewall for enterprise network

| Use Case | NUSR | CUSR | DATA | SEND | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
| Use Case | NUSR | CUSR | DATA | SNDS | PHYS | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | _TOTAL_ |
|----------|------|------|------|------|------|------|------|------|------|------|------|------|---------|
|**UC-FI-2**    |    0 |    0 |    1 |    0 |    0 |    0 |    1 |    0 |    0 |    3 |    1 |    1 |       7 |