Commit 49cc2d8b authored by Valerie Aurora (Bow Shock)

Format mitigation sets

parent c8a982b6
+541 −33
@@ -1494,41 +1494,549 @@ When the product is intended for integration into subsequent products in a suppl

## 5.3 Risk Mitigation Sets

Each risk mitigation is only necessary for the security profiles (see clause C.6.2) that require it to treat a risk. This clause lists all mitigations that are necessary for each security profile.

> TODO-HAS: For each security profile, list all the mitigations required by the threat assessments in C.4.

SP-LR: none

SP-IoT-1: none

SP-IoT-2: SSCA, SCFS, MMAC, ADEF, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, AUTH, DOCC, DJST, DOST, (MDOC or MAMP), SUDC, CDTX, CRYP, IDTX, DMIN

SP-IoT-3: SSCA, SCFS, MMAC, ADEF, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, AUTH, DOCC, DJST, DOST, LMEM, (MDOC or MAMP), SUDC, CDTX, CRYP, IDTX, DMIN

SP-RO-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AUTH, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-OT-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, ADEF, PDDI-1, PDDI-2, PDDI-4, AUTH, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, (MDOC or MAMP), SUDC, CDTX, CRYP, IDTX, DMIN

SP-MOB-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, ADEF, PDDI-2, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN
### 5.3.1 General

SP-WE-1: SSCA, SCFS, MMAC, ADEF, JSTY, LOGG, (KEVD or KEVA), KEVM, (SUVP or SUAP or SUOE or SUAO), VULH, ADEF, PDDI-1, PDDI-2, PDDI-4, AUTH, DOCC, DJST, DOST, (MDOC or MAMP), SUDC, CDTX, CRYP, IDTX, DMIN

SP-PC-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, LMEM, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-PC-2: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-LA-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, ADEF, PDDI-2, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, LMEM, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-LA-2: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, ADEF, PDDI-2, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-PS-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, LMEM, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, (TRMD or PMSC), DMIN

SP-SE-1: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, DMIN

SP-SE-2: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, (TRMD or PMSC), DMIN
Each risk mitigation is only necessary for the security profiles (see clause C.6.2) that require it to treat a risk. This clause lists all mitigations that are necessary for each security profile.

SP-SE-3: SSCA, (FZ95 or BTIN or IMSL), SCFS, MMAC, ASLR, MSAF-\*, MZRO-\*, MRWX-\*, NKAM, PLLC, MRCO, ADEF, JSTY, LOGG, KEVA, KEVM, (KEVT or SCAN), (SUAP or SUAO), VULH, PDDI-1, PDDI-3, PDDI-4, AUTH, CDTX, DCTX, DOCC, DJST, DOST, AVNT, FDRP, LMEM, FAIR, MNET, MAMP, SUDC, CDTX, CRYP, IDTX, (TRMD or PMSC), DMIN
### 5.3.2 SP-LR required mitigations

None.

### 5.3.3 SP-IoT-1 required mitigations

None.

### 5.3.4 SP-IoT-2 required mitigations

  1. SSCA
  1. SCFS
  1. MMAC
  1. ADEF
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. AUTH
  1. DOCC
  1. DJST
  1. DOST
  1. (MDOC or MAMP)
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.5 SP-IoT-3 required mitigations

  1. SSCA
  1. SCFS
  1. MMAC
  1. ADEF
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. AUTH
  1. DOCC
  1. DJST
  1. DOST
  1. LMEM
  1. (MDOC or MAMP)
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.6 SP-RO-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AUTH
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.7 SP-OT-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. ADEF
  1. PDDI-1
  1. PDDI-2
  1. PDDI-4
  1. AUTH
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. (MDOC or MAMP)
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.8 SP-MOB-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. ADEF
  1. PDDI-2
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.9 SP-WE-1 required mitigations

  1. SSCA
  1. SCFS
  1. MMAC
  1. ADEF
  1. JSTY
  1. LOGG
  1. (KEVD or KEVA)
  1. KEVM
  1. (SUVP or SUAP or SUOE or SUAO)
  1. VULH
  1. ADEF
  1. PDDI-1
  1. PDDI-2
  1. PDDI-4
  1. AUTH
  1. DOCC
  1. DJST
  1. DOST
  1. (MDOC or MAMP)
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.10 SP-PC-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. LMEM
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.11 SP-PC-2 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.12 SP-LA-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. ADEF
  1. PDDI-2
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. LMEM
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.13 SP-LA-2 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. ADEF
  1. PDDI-2
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.14 SP-PS-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. LMEM
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. (TRMD or PMSC)
  1. DMIN

### 5.3.15 SP-SE-1 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. DMIN

### 5.3.16 SP-SE-2 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. (TRMD or PMSC)
  1. DMIN

### 5.3.17 SP-SE-3 required mitigations

  1. SSCA
  1. (FZ95 or BTIN or IMSL)
  1. SCFS
  1. MMAC
  1. ASLR
  1. MSAF-\*
  1. MZRO-\*
  1. MRWX-\*
  1. NKAM
  1. PLLC
  1. MRCO
  1. ADEF
  1. JSTY
  1. LOGG
  1. KEVA
  1. KEVM
  1. (KEVT or SCAN)
  1. (SUAP or SUAO)
  1. VULH
  1. PDDI-1
  1. PDDI-3
  1. PDDI-4
  1. AUTH
  1. CDTX
  1. DCTX
  1. DOCC
  1. DJST
  1. DOST
  1. AVNT
  1. FDRP
  1. LMEM
  1. FAIR
  1. MNET
  1. MAMP
  1. SUDC
  1. CDTX
  1. CRYP
  1. IDTX
  1. (TRMD or PMSC)
  1. DMIN

# 6 Conformity Assessment
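
Review bot: The new one-per-line lists carry over duplicate entries from the old comma-separated lines. In 5.3.6 SP-RO-1 both AUTH and CDTX appear twice, and in 5.3.7 SP-OT-1 ADEF appears twice. The second CDTX (just before CRYP) also repeats in 5.3.8 and in 5.3.10 through 5.3.17, and the second ADEF (just after VULH) repeats in 5.3.8, 5.3.9, 5.3.12 and 5.3.13. Since each subclause is a set of required mitigations, drop the repeats here, or, if a repeat stands in for a different mitigation that was meant, correct the identifier. With every item written as "1." the rendered numbering will also count the duplicates, so consider unordered bullets unless item numbers are meant to be cited.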