Commit 3df931e4 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)
Browse files

Remove redundant NUSR from risk formula for UEVU

parent 0effe32a

EN-304-626.md

+5 −5
Original line number Diff line number Diff line
@@ -1798,10 +1798,10 @@ The risk factors by type are: 
Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.



| Risk factors                              | Likelihood | Security profiles                                  |

|-------------------------------------------------|------------|----------------------------------------------------|

| max(NUSR, CUSR, DATA, PHYS, FNET) = 0 or SA-LOW | Low        | LR, IoT-1                                          |

|-------------------------------------------|------------|----------------------------------------------------|

| max(CUSR, DATA, PHYS, FNET) = 0 or SA-LOW | Low        | LR, IoT-1                                          |

| all others                                | Medium     | IoT-2, IoT-3, WE-1, RO-1, OT-1, PC-\*, PS-1, SE-\* |

| max(NUSR, CUSR, DATA, PHYS, FNET) = 2 & SA-HIGH | High       | MOB-1, LA-\*                                       |

| max(CUSR, DATA, PHYS, FNET) = 2 & SA-HIGH | High       | MOB-1, LA-\*                                       |



| Risk factors                    | Impact | Security profiles                                                    |

|---------------------------------|--------|----------------------------------------------------------------------|