Commit 6818bbe9 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Renumber clauses according to proposed vertical format

parent b6076e30
+30 −31
@@ -1837,9 +1837,9 @@ _Description of mitigation implementing the requirement in "shall" format._

> **TODO**: Connect the technical security requirements in clause 5.2 to specific Risk Factors, and define these as sets of Risk Mitigations that will be referenced in clause 6.

# 6 Security Profiles
## 5.4 Security Profiles

## 6.1 General
### 5.4.1 General

Security Profiles are mapped one-to-one to each Use Case (defined in clause 4.4).
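Review bot: the TODO in this hunk still says the Risk Mitigations "will be referenced in clause 6", but this commit renumbers Security Profiles from clause 6 to 5.4, and clause 6 becomes "Conformity Assessment" further down the patch; the cross-reference should read "clause 5.4", and the "clause 5.2" reference to the technical security requirements should be checked against the new vertical layout at the same time. The reference to Use Cases in clause 4.4 is unaffected by the renumbering.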

@@ -1847,9 +1847,9 @@ Each Security Profile connects one Use Case to its relevant Risk Factors (define

Risk Tolerances are applied to the foreseeable risks associated to each Security Profile, relative to potential severity and likelihood of an incident affecting users.

## 6.2 Details of Security Profiles
### 5.4.2 Details of Security Profiles

### 6.2.1 SP-IoT-1 :: RT-HIGH
#### 5.4.2.1 SP-IoT-1 :: RT-HIGH

Description: A non-internet-connected device such as a bluetooth speaker

@@ -1867,7 +1867,7 @@ Description: A non-internet-connected device such as a bluetooth speaker
  * TBD - maybe none?
* Derived Risk Tolerance:    HIGH (4)

### 6.2.2 SP-IoT-2 :: RT-HIGH
#### 5.4.2.2 SP-IoT-2 :: RT-HIGH

Description: An internet-enabled power switch

@@ -1885,7 +1885,7 @@ Description: An internet-enabled power switch
  * e.g., remote update capability, conformance to wireless security standards, secure-by-default guidance
* Derived Risk Tolerance:    HIGH (4)

### 6.2.3 SP-IoT-3 :: RT-HIGH
#### 5.4.2.3 SP-IoT-3 :: RT-HIGH

Description: An internet-connected "smart home" device, such as a thermostat, fridge, or alarm system

@@ -1901,31 +1901,31 @@ Description: An internet-connected "smart home" device, such as a thermostat, fr
  * Users are likely to physically interact with the device on a regular basis, so the device should protect against malicious peripherals.
* Derived Risk Tolerance:    HIGH (4)

### 6.2.4 SP-OT-1 :: RT-????
#### 5.4.2.4 SP-OT-1 :: RT-????

Description: A consumer-grade home wireless router
|**UC-OT-1**    |    0 |    0 |    1 |    0 |    1 |    0 |    0 |    0 |    0 |    2 |    2 |    2 |       8 |

### 6.2.5 SP-OT-2 :: RT-????
#### 5.4.2.5 SP-OT-2 :: RT-????

Description: A business-grade remote door locking system
|**UC-OT-2**    |    0 |    0 |    0 |    0 |    2 |    0 |    0 |    0 |    0 |    1 |    1 |    1 |       6 |

### 6.2.6 SP-MOB-1 :: RT-????
#### 5.4.2.6 SP-MOB-1 :: RT-????

Description: A personal smart phone
|**UC-MOB-1**   |    1 |    1 |    2 |    3 |    1 |    3 |    0 |    3 |    2 |    2 |    2 |    2 |      22 |

### 6.2.7 SP-WE-1 :: RT-????
#### 5.4.2.7 SP-WE-1 :: RT-????

Description: A wearable health tracker, such as a smart watch
|**UC-WE-1**    |    1 |    1 |    1 |    2 |    1 |    2 |    0 |    0 |    0 |    1 |    1 |    0 |      10 |

### 6.2.8 SP-ST-1 :: RT-????
#### 5.4.2.8 SP-ST-1 :: RT-????

Description: Stateless multi-user terminal

### 6.2.9 SP-PC-1  ::  RT-LOW
#### 5.4.2.9 SP-PC-1  ::  RT-LOW

Description: A personal computer in a fixed and generally safe location
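Review bot: the heading depth change (### to ####) is consistent throughout this hunk, but the SP-OT-1, SP-OT-2, SP-MOB-1 and SP-WE-1 entries each carry a bare table row (e.g. `|**UC-OT-1**    |    0 |    0 |    1 | ... |       8 |`) directly under the Description line, with no header row or separator, so Markdown will not render them as a table. Either restore the header row of the scoring table these rows appear to belong to, or replace them with the `* Derived Risk Tolerance:` bullet structure the other profiles use, so the `RT-????` placeholders in those headings can be resolved from the scores.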

@@ -1942,7 +1942,7 @@ Description: A personal computer in a fixed and generally safe location
  * Physical access to the device is likely to be limited only to trusted users, so tamper-resistant mitigations may not be needed -- and may be counter-indicated if end-users are anticipated to perform maintenance tasks.
* Derived Risk Tolerance:    LOW (2)

### 6.2.10 SP-PC-2 :: RT-????
#### 5.4.2.10 SP-PC-2 :: RT-????

Description: An enterprise workstation in a fixed and generally safe location
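Review bot: in the SP-PC-1 bullet carried as context here, "counter-indicated" should be "contraindicated"; a spelling point only, unrelated to the renumbering.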

@@ -1955,7 +1955,7 @@ Description: An enterprise workstation in a fixed and generally safe location
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.11 SP-LA-1 :: RT-???
#### 5.4.2.11 SP-LA-1 :: RT-???

Description: A personal laptop

@@ -1968,7 +1968,7 @@ Description: A personal laptop
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.12 SP-LA-2 :: RT-???
#### 5.4.2.12 SP-LA-2 :: RT-???

Description: Enterprise laptop

@@ -1981,7 +1981,7 @@ Description: Enterprise laptop
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.13 SP-PS-1 :: RT-???
#### 5.4.2.13 SP-PS-1 :: RT-???

Description: Personal server

@@ -1993,7 +1993,7 @@ Description: Personal server
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.14 SP-SE-1 :: RT-???
#### 5.4.2.14 SP-SE-1 :: RT-???

Description: An enterprise server in a datacenter with no user accounts

@@ -2006,7 +2006,7 @@ Description: An enterprise server in a datacenter with no user accounts
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.15 SP-SE-2 :: RT-???
#### 5.4.2.15 SP-SE-2 :: RT-???

Description: An enterprise server in a datacenter with only trusted user accounts

@@ -2019,7 +2019,7 @@ Description: An enterprise server in a datacenter with only trusted user account
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.16 SP-SE-3 :: RT-???
#### 5.4.2.16 SP-SE-3 :: RT-???

Description: An enterprise server in a datacenter hosting many untrusted user accounts

@@ -2032,7 +2032,7 @@ Description: An enterprise server in a datacenter hosting many untrusted user ac
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.17 SP-IF-1 :: RT-???
#### 5.4.2.17 SP-IF-1 :: RT-???

Description: Internet infrastructure on private network

@@ -2045,7 +2045,7 @@ Description: Internet infrastructure on private network
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.18 SP-IF-2 :: RT-???
#### 5.4.2.18 SP-IF-2 :: RT-???

Description: Internet infrastructure on filtered network

@@ -2058,7 +2058,7 @@ Description: Internet infrastructure on filtered network
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.19 SP-IF-3 :: RT-???
#### 5.4.2.19 SP-IF-3 :: RT-???

Description: Internet infrastructure on open internet

@@ -2071,7 +2071,7 @@ Description: Internet infrastructure on open internet
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.20 SP-FI-1 :: RT-???
#### 5.4.2.20 SP-FI-1 :: RT-???

Description: Firewall for personal network

@@ -2084,7 +2084,7 @@ Description: Firewall for personal network
  * ...
* Derived Risk Tolerance:    --- (-)

### 6.2.21 SP-FI-2 :: RT-???
#### 5.4.2.21 SP-FI-2 :: RT-???

Description: Firewall for enterprise network

@@ -2098,18 +2098,17 @@ Description: Firewall for enterprise network
* Derived Risk Tolerance:    --- (-)


## 6.3 Mapping of Security Profile to Risk Tolerance
### 5.4.3 Mapping of Security Profile to Risk Tolerance

> TODO

### 5.4.4 Mapping of Security Profile to Risk Mitigation

## 6.4 Mapping of Security Profile to Risk Mitigation
> TODO

# 6 Conformity Assessment



# Annex A (informative): Relationship between the present document and any related ETSI standards (if any)

_List any related ETSI standards and how they interact with the present document._
> FIXME: Split out assessment from clause 5 requirements and put them here if required. For now, they are adjacent to the requirement they are assessing, which is far easier to read, write, and understand.

# Annex A (informative): Mapping between the present document and CRA requirements
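Review bot: after this hunk two annexes are both labelled "Annex A (informative)" (the ETSI relationship annex and the CRA mapping annex), so the second should become Annex B or the two should be merged. The new "# 6 Conformity Assessment" clause is also introduced empty, while the FIXME describing how assessment text will be split out of clause 5 sits under the first Annex A; moving that FIXME under clause 6 would give the empty clause its own placeholder and keep the annex text about ETSI standards only.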