@@ -598,7 +598,7 @@ The pre-defined Security Profiles in Section 6 list the appropriate mitigations
Note: "account" refers to a user in the operating systems sense: a unique system identity associated with certain authorization and permissions. "User" refers to an entity that uses the device for some purpose. Users may have many accounts and accounts may have many users.
#### 4.5.1.1 Number of User Accounts
#### 4.5.1.x Number of User Accounts
**[RF-NUSR]:** The number of user accounts that end-users may authenticate to, excluding administrator accounts.
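Review bot: The heading pair here goes from `4.5.1.1` to a literal `4.5.1.x`, and every later hunk does the same, so all sixteen risk-factor headings end up with the identical prefix and can no longer be cited by section number. If the goal is to avoid renumbering churn, drop the number from these headings and treat the `[RF-NUSR]`-style tags as the stable identifier, or say in the commit message when the placeholder gets resolved.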
@@ -609,7 +609,7 @@ f* NUSR-2: foreseeable use of the operating system is primarily that of a single
FIXME add the separate concept of users apart from accounts
#### 4.5.1.2 User Account Concurrency
#### 4.5.1.x User Account Concurrency
**[RF-CUSR]:** The number of user accounts that may use the system concurrently, including administrator accounts if they are configurable or accessible by end-users.
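Review bot: The context in this hunk's header shows `f* NUSR-2: ...`, with a stray `f` in front of the list marker, so that item will not render as a bullet; fix it in the same change. The `FIXME add the separate concept of users apart from accounts` line directly above the edited heading would also ship as body text. Either resolve it against the account/user Note that precedes the first risk factor, or move it to an issue.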
@@ -618,7 +618,7 @@ FIXME add the separate concept of users apart from accounts
* CUSR-2: forseeable use of the operating system is with one end-user authenticated concurrently, but multiple end-user accounts may be simultaneously active on the operating system
* CUSR-3: foreseeable use of the operating system is multiple authenticated users simultaneously active on the operating system
#### 4.5.1.3 Data Storage
#### 4.5.1.x Data Storage
**[RF-DATA]:** What kind of data is stored by the operating system.
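Review bot: `forseeable` in the CUSR-2 context line is misspelled (CUSR-3 on the next line has `foreseeable`). Since this change already touches the subsection, correct it here so the level definitions can be searched consistently.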
@@ -626,7 +626,7 @@ FIXME add the separate concept of users apart from accounts
* DATA-1: the operating system is designed only to store limited data types
* DATA-2: the operating system is designed to store arbitrary data
#### 4.5.1.4 Sensitivity of Data
#### 4.5.1.x Sensitivity of Data
**[RF-SENS]:** Sensitivity of data collected, as measured by impact of loss of its integrity, confidentiality, or availability.
@@ -635,7 +635,7 @@ FIXME add the separate concept of users apart from accounts
* SENS-2: foreseeable use may collect arbitrary amounts of sensitive data
* SENS-3: foreseeable use collects extensive amounts of sensitive data by default
#### 4.5.1.5 Sensitivity of Functions
#### 4.5.1.x Sensitivity of Functions
**[RF-SENS]:** Sensitivity of functions of device, as measured by impact of loss of its integrity, confidentiality, or availability.
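Review bot: `**[RF-SENS]:**` under "Sensitivity of Functions" reuses the tag already assigned to "Sensitivity of Data" in the preceding subsection, and the function levels that follow are again `SENS-2` and `SENS-3`. A reference to SENS-2 elsewhere in the document is then ambiguous between data sensitivity and function sensitivity. Give the functions factor its own tag and level prefix while these headings are being edited.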
@@ -644,7 +644,7 @@ FIXME add the separate concept of users apart from accounts
* SENS-2: foreseeable use may provide arbitrary functions
* SENS-3: foreseeable use provides sensitive functions by default
#### 4.5.1.6 Physical Access by Threat Actors to the Device
#### 4.5.1.x Physical Access by Threat Actors to the Device
**[RF-PHYS]:** Exposure of the device to physical access by users.
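Review bot: The heading under edit says "Physical Access by Threat Actors", but the `[RF-PHYS]` definition right below it says "physical access by users", and the Note ahead of the first risk factor defines a user as any entity that uses the device. Align the definition with the heading, or with the PHYS-1/PHYS-2 wording ("untrusted users"), so the factor does not read as covering all physical use.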
@@ -652,7 +652,7 @@ FIXME add the separate concept of users apart from accounts
* PHYS-1: may be incidentally exposed to untrusted users
* PHYS-2: used primarily by untrusted users, e.g. the general public
#### 4.5.1.7 Logical Access by Threat Actors Via Local Software
#### 4.5.1.x Logical Access by Threat Actors Via Local Software
**[RF-UEXC]:** Exposure to untrusted executables running on the platform.
@@ -660,7 +660,7 @@ FIXME add the separate concept of users apart from accounts
* UEXC-1: may be incidentally exposed to untrusted software
* UEXC-2: used primarily to run untrusted software
#### 4.5.1.8 Processing of Untrusted External Inputs
#### 4.5.1.x Processing of Untrusted External Inputs
**[RF-UEIN]:** Exposure to untrusted external inputs that are processed by the platform.
@@ -668,7 +668,7 @@ FIXME add the separate concept of users apart from accounts
* UEIN-1: may incidentally process untrusted external inputs
* UEIN-2: used primarily to process untrusted external inputs
#### 4.5.1.9 Probability of Loss of the Device
#### 4.5.1.x Probability of Loss of the Device
**[RF-LOSS]:** Likelihood of loss or theft of the device, allowing threat actors unlimited physical access to the device.
@@ -677,7 +677,7 @@ FIXME add the separate concept of users apart from accounts
* LOSS-2: foreseeable use of the operating system is in a device with moderate loss likelihood
* LOSS-3: foreseeable use of the operating system is in a device with a high loss likelihood, such as devices which are common targets of theft such as mobile phones
#### 4.5.1.10 Hardware Modifiability by End Users
#### 4.5.1.x Hardware Modifiability by End Users
**[RF-HWMD]:** Likelihood that the hardware of the platform will be changed from its secure-by-default state.
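Review bot: The LOSS-3 context line at the top of this hunk reads "such as devices which are common targets of theft such as mobile phones"; the doubled "such as" makes the level hard to parse. Suggest "with a high loss likelihood, for example devices that are common targets of theft (mobile phones)".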
@@ -685,7 +685,7 @@ FIXME add the separate concept of users apart from accounts
* HWMD-1: foreseeable use of the operating system includes hardware modifications by skilled or trusted users, such as corporate IT support staff
* HWMD-2: foreseeable use of the operating system includes hardware modification by unskilled users, such as in a personal computer
#### 4.5.1.11 Software Modifiability by End Users
#### 4.5.1.x Software Modifiability by End Users
**[RF-SWMD]:** Likelihood that the software on the platform (including firmware) will be changed from its secure-by-default state.
@@ -694,7 +694,7 @@ FIXME add the separate concept of users apart from accounts
* SWMD-2: foreseeable use allows for the installation of arbitrary software or for substantial modification of pre-installed software
* SWMD-3: foreseeable use actively encourages and facilitates the installation of arbitrary software
#### 4.5.1.12 Untrusted Peripheral Devices
#### 4.5.1.x Untrusted Peripheral Devices
**[RF-DVCS]:** Likelihood of unstrusted peripheral devices being attached to the platform via a connection that is a plausible attack vector, such as by USB or PCI bus.
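Review bot: `unstrusted` in the `[RF-DVCS]` definition is a typo for "untrusted". It sits right under the heading being changed, so fix it in this commit.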
@@ -702,7 +702,7 @@ FIXME add the separate concept of users apart from accounts
* DVCS-1: foreseeable use includes only trusted and safe peripheral devices
* DVCS-2: foreseeable use allows for arbitrary peripheral device attachment
#### 4.5.1.13 Access to a Public Network
#### 4.5.1.x Access to a Public Network
**[RF-TNET]:** Likelihood that the device will initiate connections to public networks.
@@ -710,7 +710,7 @@ FIXME add the separate concept of users apart from accounts
* TNET-1: foreseeable use allows internet access for only highly restricted functions, such as retrieving security updates
* TNET-2: foreseeable use allows for arbitrary access to a public network, such as by browsing the web
#### 4.5.1.14 Accessed From Untrusted Networks Including a Public Network
#### 4.5.1.x Accessed From Untrusted Networks Including a Public Network
**[RF-FNET]:** Likelihood that the device will be exposed to incoming traffic from public networks.
@@ -719,7 +719,7 @@ FIXME add the separate concept of users apart from accounts
* FNET-2: foreseeable use includes being connected directly to the open internet
* FNET-3: foreseeable use includes being a firewall connected directly to the open internet
#### 4.5.1.15 Configurability
#### 4.5.1.x Configurability
**[RF-CONF]:** Degree of security-relevant configuration change possible on the operating system.
@@ -727,7 +727,7 @@ FIXME add the separate concept of users apart from accounts
* CONF-1: foreseeable use allows operating system configuration changes only by skilled or trusted users, such as corporate IT support staff
* CONF-2: foreseeable use of the operating system includes configuration changes by end-users
#### 4.5.1.16 Administration
#### 4.5.1.x Administration
**[RF-ADMN]:** Availability and skill of administrators.