EN-304-626.md +2 −72
@@ -1909,79 +1909,9 @@ For each threat, both likelihood and impact must be Low before the risk is consi The risk factors by type are: * Likelihood: NUSR CUSR PHYS UEIN LOSS HWMD SWMD DVCS TNET FNET CONF ADMN SUPP * Impact: SNDS SNDT SENF * Likelihood: NUSR CUSR DATA PHYS UEIN LOSS HWMD SWMD DVCS TNET FNET CONF ADMN SUPP The mitigations that reduce risk by type are: Likelihood: MI-KEVD: Documentation for secure update before or during first use MI-KEVA: Automatic secure update before or during first use MI-KEVM: Documentation of mitigation of known exploitable vulnerabilities MI-KEVT: Testing for known exploitable vulnerabilities MI-SCAN: No easily scannable known exploitable vulnerabilities MI-SSCA: Static source code analysis for memory errors MI-FZ95: Runtime code coverage checking with memory access error detection MI-IMSL: Implement in a memory-safe language MI-BTIN: Boundary testing of inputs that may cause memory errors MI-SCFS: Secure compilation flags MI-MMAC: Memory access control MI-CCON: Prevent creation of more than one user account MI-UCON: Prevent concurrent user account usage MI-PMSC: Prevent memory leaks through microarchitectural side channels in provided executables MI-TRMD: Transfer risk of microarchitectural side channel data leaks to user MI-ASLR: Address Space Layout Randomization MI-MSAF-1: Stack exhaustion detection MI-MSAF-2: Stack linear buffer overflow detection MI-MSAF-3: Array bounds checking MI-MSAF-4: Heap linear buffer overflow detection MI-MSAF-5: Heap use-after-free access prevention MI-MSAF-6: Heap free checking MI-MZRO-1: Stack memory zeroing MI-MZRO-2: Heap memory zeroing MI-MRWX-1: Prevent writes to executable and read-only data memory MI-MRWX-2: Prevent execution of non-kernel code memory MI-NKAM: Prevent unintentional kernel access to userspace memory MI-PLLC: Prevent linked list corruption MI-MRCO: Mitigate reference counter overflow MI-CFIN: Control flow integrity MI-MPMT: Memory protection using memory tagging MI-MDOC: 
Document transfer of risk of minimizing impact to operating environment MI-MNET: Minimize negative impact of network transmission MI-MAMP: Minimize negative impact of network traffic amplification MI-ADEF: Authorization required by default to access security-relevant assets MI-PDDI-1: Document how to protect access to debug/management interfaces MI-PDDI-2: Protect or disable local software access to debug/management interfaces MI-PDDI-3: Protect or disable network access to debug/management interfaces MI-SCHL: Low security updates provided by operational environment MI-SCHM: Medium security updates provided by operational environment MI-SCHH: High security updates provided by operational environment MI-RSET: Secure deletion via reset MI-INST: Secure deletion via reinstallation MI-DELE: Secure deletion via secure deletion function MI-VULH: Vulnerability handling Impact: MI-CDST: Protect confidentiality of data stored on the product MI-CDTX: Protect confidentiality of data transmitted by product MI-DOCC: Document transfer of risk of confidentiality of data transmitted by product MI-IDST: Protect integrity of data stored on the product MI-DCST: Detect corruption of data stored MI-DCTX: Detect corruption of data transmitted by the product MI-DJST: Document and justify processed data MI-AVNT: Availability of network services MI-WDOG: Watchdog and self-initiated reset MI-FDRP: Fast packet drop MI-LMEM: Limit memory usage MI-FAIR: Fair resource usage and prioritization MI-DOST: Document risk transfer to operational environment for denial of service MI-JSTY: Document and justify exposed interfaces MI-LOGG: Logging MI-SDRF: Secure data read from product MI-SDTR: Secure data transfer to another product * Impact: PPII SNDS SNDT SENF ### C.4.3 List of threats, risk assessments, and mitigations Loading Loading
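Review bot: the two factor codes added here, DATA under Likelihood and PPII under Impact, enter the lists without a definition anywhere in this hunk, and at the same time the block that is removed (the 72 lines of "The mitigations that reduce risk by type are", MI-KEVD through MI-SDTR) was the only text in this region that stated which mitigations lower which factor type. Please confirm that DATA and PPII are defined in the risk-factor glossary that the opening sentence ("both likelihood and impact must be Low before the risk is consi...") depends on, and that the mitigation-to-factor mapping either moves into C.4.3 (the section heading that immediately follows the hunk) or is replaced by a cross-reference to wherever it now lives, so the reader still has a visible mitigation list to apply when assessing each threat. If dropping the mapping is intentional, a sentence in the commit message saying so would make the review easier.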