Commit 5b55c2d0 authored by Valerie Aurora (Bow Shock)

Rewrite memory access control requirement to new format

parent fee961c2
+9 −11
@@ -1040,7 +1040,7 @@ Some risks may be transferred partially or fully to other components of the syst


### 5.2.X.x Requirement
### 5.2.X.x Requirement


The product shall protect security-relevant memory addresses from unauthorized access by executables under the product's control, including the product itself. This includes system memory, storage addressable via memory mapping, memory for I/O devices, and anything else accessible via the memory-related instructions in the platform.
The product shall protect memory addresses from unauthorized access by executables under the product's control, including the product itself. This includes system memory, storage addressable via memory mapping, memory for I/O devices, and anything else accessible via the memory-related instructions in the platform.


The product does not need to protect against unauthorized access by elements of the platform it is running on (e.g. CPU microcode, devices on the system bus, other operating systems in the device, a hypervisor). Future iterations of the standard may add this requirement for appropriate use cases.
The product does not need to protect against unauthorized access by elements of the platform it is running on (e.g. CPU microcode, devices on the system bus, other operating systems in the device, a hypervisor). Future iterations of the standard may add this requirement for appropriate use cases.


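Review bot: dropping "security-relevant" from the first sentence widens the requirement from protecting security-relevant memory addresses to protecting all memory addresses, while the commit message describes only a change of format; if the broader scope is intended, say so in the commit message or in the requirement's rationale, because the second paragraph still scopes out platform elements but the first paragraph no longer says which addresses are in scope. The phrase "unauthorized access by executables under the product's control, including the product itself" would also benefit from stating who defines authorization (the product's own access policy), since the MI-MMAC test in the next hunk relies on that definition to decide which accesses are expected to fail.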
@@ -1073,17 +1073,15 @@ All warnings, annotations, or other method of suppressing warnings from the anal


#### 5.2.X.x **MI-MMAC**: Memory access control
#### 5.2.X.x **MI-MMAC**: Memory access control


The manufacturer shall implement MI-SSCA.
The product shall implement mandatory hardware-enforced access control to memory to prevent unauthorized access of memory.


The product shall implement mechanisms to prevent unauthorized access to the memory used by security-relevant parts of the product. The product shall use user identifiers, discretionary access control, or mandatory access control to prevent unauthorized access of memory owned by user accounts by other user accounts.
  * Applicability: Has user accounts

  * Reference: TR-MISO
* Test: from a user account, attempt to read, modify, and execute security-relevant parts of product memory that the user is not authorized to access in this way
  * Objective: Prevent unauthorized memory access
* Result: failure to access memory
  * Preparation: List the methods of accessing memory and the types of access control to memory
* Output: error message logged by the test
  * Activities: For each method of accessing memory and each type of access control to memory, attempt to use the method of accessing memory to gain access to memory that the executable is not authorized to access due to the access control

  * Verdict: All memory accesses fail => PASS, otherwise FAIL
* Test: with the privileges of one user, attempt to read, modify, and execute process memory owned by another user that the user is not authorized to access in this way
  * Evidence: List of methods of accessing memory and types of access control, output of tests
* Result: failure to access memory
* Output: error message logged by the test


#### 5.2.X.x **MI-CCON**: Prevent creation of more than one user account
#### 5.2.X.x **MI-CCON**: Prevent creation of more than one user account
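Review bot: the new requirement sentence asks for "mandatory hardware-enforced access control to memory", but the Applicability line restricts it to products that have user accounts, and the removed second test (one user's privileges used to read, modify, or execute another user's process memory) has no counterpart in the new Activities line; either drop the user-account applicability, since hardware enforcement is independent of user accounts, or add an activity that checks isolation between user accounts. The Verdict "All memory accesses fail => PASS" should read "All unauthorized memory accesses fail => PASS", otherwise a product that denies every access, authorized ones included, would pass; the Activities line should pair each unauthorized attempt with an authorized access that is expected to succeed. The Evidence line should keep the "error message logged by the test" output from the removed "Output" lines, and the removed line "The manufacturer shall implement MI-SSCA." is not carried anywhere in the new text; confirm that the cross-reference is dropped intentionally.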