Commit 7c5b6d78 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)

Huge rework to get all risk factors 0, 1, 2

parent ecf3388f
@@ -534,12 +534,12 @@ _The following use cases are an illustrative subset of all possible use cases. M
  * may display personalized information, such as location-specific weather forecast
  * serviced by trained professionals who do not modify software or hardware outside of manufacturer specifications

* **UC-OT-1** Consumer-grade home wireless router
* **UC-RO-1** Consumer-grade home wireless router
  * stores account information for authentication with ISP
  * not intended for end-user hardware or software modification
  * is exposed to the open internet

* **UC-OT-2** Business-grade remote door locking system
* **UC-OT-1** Business-grade remote door locking system
  * does not store any user data
  * not intended for hardware or software modification
  * is not exposed to the open internet, and is only connected to trusted networks
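Review bot: reusing the identifier UC-OT-1 for a different use case (it named the home wireless router before this hunk and names the door locking system after it) will mislead anyone cross-referencing an earlier revision or an external document that cites UC-OT-1 by number. Prefer to retire the old number rather than reassign it, or at least record the rename where readers will see it; the bullet descriptions under each heading are unchanged, so the label is the only thing that moved.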
@@ -1758,44 +1758,47 @@ The overall risk related to each use case should be considered as a result of co

* NUSR-0: foreseeable use does not include user accounts for end-users
* NUSR-1: foreseeable use is only one user account for an end-user
* NUSR-2: foreseeable use is primarily a single user account for an end-user authenticating, but supports multiple user accounts for end-users
* NUSR-3: foreseeable use of the operating system is multiple user accounts for end-users
* NUSR-2: foreseeable use of the operating system is multiple user accounts for end-users

#### C.2.1.x User Account Concurrency

**[RF-CUSR]:** The number of user accounts expected to use the system concurrently, including administrator accounts if they are configurable or accessible by end-users.

* CUSR-0: foreseeable use does not include end-users authenticating to the system
* CUSR-1: foreseeable use is one authenticated end-user using the device at a time
* CUSR-2: foreseeable use of the operating system is multiple authenticated users simultaneously active on the operating system who are trusted not to actively attempt to compromise the system
* CUSR-3: foreseeable use of the operating system is multiple authenticated untrusted users simultaneously active on the operating system
* CUSR-0: foreseeable use is one authenticated end-user using the device at a time, including authentication by physical access
* CUSR-1: foreseeable use of the operating system is small number of authenticated users simultaneously active on the operating system who are trusted not to actively attempt to compromise the system
* CUSR-2: foreseeable use of the operating system is multiple authenticated untrusted users simultaneously active on the operating system

#### C.2.1.x Potential for Collection of Personally Identifiable Information

**[RF-PPII]:** Potential for collection of personally identifiable information about an individual person.

* SNDT-0: foreseeable use includes no or incidental collection of PII
* SNDT-1: foreseeable use includes collection of moderate amounts of PII
* SNDT-2: foreseeable use includes collection of extensive amounts of PII by default

#### C.2.1.x Sensitivity of Data Stored

**[RF-SNDS]:** Sensitivity of data stored, as measured by impact of loss of its integrity, confidentiality, or availability.

* SNDS-0: foreseeable use does not include storage of sensitive data
* SNDS-1: foreseeable use includes limited storage of sensitive data
* SNDS-2: foreseeable use includes storing moderate amounts of sensitive data
* SNDS-3: foreseeable use includes storing extensive amounts of sensitive data by default
* SNDS-0: foreseeable use includes no or incidental storage of sensitive data
* SNDS-1: foreseeable use includes storing moderate amounts of sensitive data
* SNDS-2: foreseeable use includes storing extensive amounts of sensitive data by default

#### C.2.1.x Sensitivity of Data Transmitted

**[RF-SNDT]:** Sensitivity of data transmitted, as measured by impact of loss of its integrity, confidentiality, or availability.

* SNDT-0: foreseeable use does not include transmission of sensitive data
* SNDT-1: foreseeable use includes incidental transmission of sensitive data
* SNDT-2: foreseeable use includes transmission of moderate amounts of sensitive data
* SNDT-3: foreseeable use includes transmission of extensive amounts of sensitive data by default
* SNDT-0: foreseeable use includes no or incidental transmission of sensitive data
* SNDT-1: foreseeable use includes transmission of moderate amounts of sensitive data
* SNDT-2: foreseeable use includes transmission of extensive amounts of sensitive data by default

#### C.2.1.x Sensitivity of Functions

**[RF-SENF]:** Sensitivity of functions of device, as measured by impact of loss of its integrity, confidentiality, or availability.

* SENF-0: foreseeable use does not provide sensitive functions
* SENF-1: foreseeable use limits provision of sensitive functions
* SENF-2: foreseeable use may provide arbitrary sensitive functions
* SENF-3: foreseeable use provides sensitive functions by default
* SENF-0: foreseeable use includes no or incidental provision of sensitive functions
* SENF-1: foreseeable use may provide arbitrary sensitive functions
* SENF-2: foreseeable use provides sensitive functions by default

#### C.2.1.x Physical Access by Threat Actors to the Device

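Review bot: the three levels under **[RF-PPII]** are labelled SNDT-0/1/2 instead of PPII-0/1/2, which collides with the RF-SNDT levels defined two sections below and leaves the new PPII column in the C.5 table without matching level definitions; rename them to `PPII-0`, `PPII-1` and `PPII-2`. Two smaller points in the same hunk: NUSR-2 is now defined twice if the original "primarily a single user account" line survives, and the new CUSR-1 reads "is small number of authenticated users" (missing "a").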
@@ -1817,10 +1820,9 @@ The overall risk related to each use case should be considered as a result of co

**[RF-LOSS]:** Likelihood of loss or theft of the device, allowing threat actors unlimited physical access to the device.

* LOSS-0: foreseeable use of the operating system is limited to stationary devices or devices with other loss-prevention mechanisms
* LOSS-1: foreseeable use is in a device with only incidental loss likelihood
* LOSS-2: foreseeable use is in a device with moderate loss likelihood
* LOSS-3: foreseeable use is in a device with a high loss likelihood, such as devices which are common targets of theft such as mobile phones
* LOSS-0: foreseeable use is in a device with no or incidental loss likelihood
* LOSS-1: foreseeable use is in a device with moderate loss likelihood
* LOSS-2: foreseeable use is in a device with a high loss likelihood, such as devices which are common targets of theft such as mobile phones

#### C.2.1.x Hardware Modifiability by End Users

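Review bot: the new LOSS-0 drops the explicit "stationary devices or devices with other loss-prevention mechanisms" case, which is the main reason a device would have "no or incidental loss likelihood" in the first place; keep it as an example inside LOSS-0 so assessors know where fixed servers and workstations belong. The new LOSS-2 also still carries the doubled "such as devices which are common targets of theft such as mobile phones"; "such as mobile phones, which are common targets of theft" reads cleanly.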
@@ -1834,10 +1836,9 @@ The overall risk related to each use case should be considered as a result of co

**[RF-SWMD]:** Likelihood that the software on the platform (including firmware) will be changed from its secure-by-default state.

* SWMD-0: foreseeable use lacks any reasonable means for end-users to install or modify the software other than by secure updates provided by the manufacturer
* SWMD-1: foreseeable use only allows the installation of trusted and verified software
* SWMD-2: foreseeable use allows for the installation of arbitrary software or for substantial modification of pre-installed software
* SWMD-3: foreseeable use actively encourages and facilitates the installation of arbitrary software
* SWMD-0: foreseeable use only allows the installation of trusted and verified software, such as updates
* SWMD-1: foreseeable use allows for the installation of arbitrary software or for substantial modification of pre-installed software
* SWMD-2: foreseeable use actively encourages and facilitates the installation of frequently malicious software

#### C.2.1.x Untrusted Peripheral Devices

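Review bot: the new SWMD-2 wording "actively encourages and facilitates the installation of frequently malicious software" reads as if the platform's intended use is to install malware; the risk being described is installation of arbitrary software from sources that frequently carry malicious software, and the line should say that. Also, now that the old SWMD-0 ("no reasonable means ... other than secure updates provided by the manufacturer") is folded into the new SWMD-0, "trusted and verified software, such as updates" should say who does the verifying, otherwise a locked-down appliance and a platform with a vendor app store land in the same level.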
@@ -1862,7 +1863,6 @@ The overall risk related to each use case should be considered as a result of co
* FNET-0: foreseeable use is limited to trusted and private networks
* FNET-1: foreseeable use includes untrusted local networks but not the open internet
* FNET-2: foreseeable use includes being connected directly to the open internet
* FNET-3: foreseeable use includes being a firewall connected directly to the open internet

#### C.2.1.x Configurability

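Review bot: deleting FNET-3 means a device that is itself the firewall or gateway (the consumer router renamed to UC-RO-1 in this same commit) now scores FNET-2 alongside any client that merely has an internet connection; since routing or filtering traffic for other hosts is a larger exposed surface than a single endpoint, FNET-2 should mention that it includes that case. Also check that nothing else in the document still refers to FNET-3.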
@@ -1885,9 +1885,8 @@ The overall risk related to each use case should be considered as a result of co
**[RF-SUPP]:** How long the product is expected to be in use, and whether the product is expected to be updated throughout its life cycle.

* SUPP-0: foreseeable use does not require that the operating system be updated at any point in its lifecycle
* SUPP-1: foreseeable use limits the installation of updates to skilled administrators with access to the operating system
* SUPP-2: foreseeable use includes the installation of updates by end-users with access to the operating system
* SUPP-3: foreseeable use necessitates that the manufacturor provide frequent, automatic, and/or time-sensitive updates to the product, and may reasonably include a requirement for over-the-air updates.
* SUPP-1: foreseeable use includes the installation of updates by end-users with access to the operating system
* SUPP-2: foreseeable use necessitates that the manufacturor provide frequent, automatic, and/or time-sensitive updates to the product, and may reasonably include a requirement for over-the-air updates.

## C.3 Assumptions

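Review bot: "manufacturor" is carried over unchanged into the new SUPP-2 line; correct it to "manufacturer" while the line is being rewritten. Folding the old SUPP-1 (updates applied only by skilled administrators) into the new SUPP-1 (updates applied by end-users) silently drops the distinction between expert and non-expert update application; if that is intended, the new SUPP-1 should read "by end-users or administrators" so the administrator-only case is clearly covered.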
@@ -2253,24 +2252,24 @@ Mitigations for Likelihood:

**NOTE:** The "TOTAL" field is referenced by but does not define the security assurance level assignments table in Annex C.7.3 Table 1. It is primarily a consistency check to see if the risk factors sufficiently distinguish the differences in risk tolerance between use cases.

| Use case     | NUSR | CUSR | DATA | SNDS | SNDT | SENF | PHYS | UEIN | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | ADMN | SUPP | TOTAL |
|--------------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|-------|
| **UC-LR**    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **UC-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **UC-IoT-2** | 0    | 0    | 1    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 0    | 1    | 2    | 3    | 12    |
| **UC-IoT-3** | 0    | 0    | 1    | 1    | 1    | 2    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 0    | 1    | 2    | 3    | 16    |
| **UC-OT-1**  | 0    | 0    | 1    | 1    | 1    | 2    | 1    | 3    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 3    | 19    |
| **UC-OT-2**  | 0    | 0    | 0    | 1    | 1    | 3    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 3    | 14    |
| **UC-MOB-1** | 1    | 1    | 2    | 3    | 3    | 3    | 1    | 3    | 3    | 0    | 3    | 2    | 2    | 2    | 2    | 2    | 3    | 39    |
| **UC-WE-1**  | 1    | 1    | 1    | 2    | 2    | 1    | 1    | 2    | 2    | 0    | 0    | 0    | 1    | 1    | 0    | 2    | 3    | 20    |
| **UC-PC-1**  | 1    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 3    | 28    |
| **UC-PC-2**  | 1    | 2    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 3    | 29    |
| **UC-LA-1**  | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 3    | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 3    | 31    |
| **UC-LA-2**  | 1    | 2    | 2    | 2    | 3    | 3    | 1    | 3    | 1    | 1    | 2    | 2    | 2    | 2    | 1    | 1    | 3    | 31    |
| **UC-PS-1**  | 1    | 2    | 2    | 2    | 2    | 2    | 0    | 3    | 0    | 1    | 2    | 1    | 2    | 2    | 0    | 1    | 2    | 24    |
| **UC-SE-1**  | 0    | 0    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 20    |
| **UC-SE-2**  | 1    | 1    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 22    |
| **UC-SE-3**  | 2    | 3    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 24    |
| Use case     | NUSR | CUSR | DATA | PPII | SNDS | SNDT | SENF | PHYS | UEIN | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | ADMN | SUPP | TOTAL |
|--------------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|-------|
| **UC-LR**    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **UC-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **UC-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 11    |
| **UC-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 14    |
| **UC-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 1    | 1    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **UC-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **UC-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 2    | 2    | 0    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 31    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 1    | 0    | 2    | 1    | 14    |
| **UC-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **UC-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 24    |
| **UC-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 28    |
| **UC-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 2    | 1    | 1    | 2    | 27    |
| **UC-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 0    | 1    | 2    | 23    |
| **UC-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 19    |
| **UC-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 20    |
| **UC-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 21    |

## C.6 Security profiles and security assurance levels

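Review bot: the TOTAL column adds up correctly for all sixteen rows of the new table, but UC-SE-1, described in the C.6.3 table as a server "with no user accounts", is now scored NUSR 1 / CUSR 1 while NUSR-0 is still defined above as "foreseeable use does not include user accounts for end-users"; either the score or the level definition should change. UC-WE-1 also drops from NUSR 1 / CUSR 1 to 0 / 0 in this edit with no corresponding change to the wearable's use case description anywhere in this commit, so please confirm that was intended and not a transcription slip.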
@@ -2284,22 +2283,22 @@ Security profiles are associated with sets of risk factor levels. Each security

| Security profile | NUSR | CUSR | DATA | SNDS | SNDT | SENF | PHYS | UEIN | LOSS | HWMD | SWMD | DVCS | TNET | FNET | CONF | ADMN | SUPP | TOTAL |
|------------------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|------|-------|
| **SP-LR**        | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **SP-IoT-1**     | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **SP-IoT-2**     | 0    | 0    | 1    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 0    | 1    | 2    | 3    | 12    |
| **SP-IoT-3**     | 0    | 0    | 1    | 1    | 1    | 2    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 0    | 1    | 2    | 3    | 16    |
| **SP-OT-1**      | 0    | 0    | 1    | 1    | 1    | 2    | 1    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 3    | 18    |
| **SP-OT-2**      | 0    | 0    | 0    | 1    | 1    | 3    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 3    | 14    |
| **SP-MOB-1**     | 1    | 1    | 2    | 3    | 3    | 3    | 1    | 2    | 3    | 0    | 3    | 2    | 2    | 2    | 2    | 2    | 3    | 38    |
| **SP-WE-1**      | 1    | 1    | 1    | 2    | 2    | 1    | 1    | 2    | 2    | 0    | 0    | 0    | 1    | 1    | 0    | 2    | 3    | 20    |
| **SP-PC-1**      | 1    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 3    | 28    |
| **SP-PC-2**      | 1    | 2    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 3    | 29    |
| **SP-LA-1**      | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 3    | 31    |
| **SP-LA-2**      | 1    | 2    | 2    | 2    | 3    | 3    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 2    | 1    | 1    | 3    | 31    |
| **SP-PS-1**      | 1    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 0    | 1    | 2    | 23    |
| **SP-SE-1**      | 0    | 0    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 20    |
| **SP-SE-2**      | 1    | 1    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 22    |
| **SP-SE-3**      | 2    | 3    | 2    | 3    | 3    | 3    | 0    | 2    | 0    | 1    | 2    | 1    | 1    | 1    | 0    | 0    | 1    | 24    |
| **SP-LR**    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0     |
| **SP-IoT-1** | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 1    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 0    | 2    | 0    | 3     |
| **SP-IoT-2** | 0    | 0    | 1    | 0    | 1    | 1    | 0    | 1    | 1    | 0    | 0    | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 11    |
| **SP-IoT-3** | 0    | 0    | 1    | 0    | 1    | 1    | 1    | 1    | 2    | 0    | 1    | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 14    |
| **SP-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 1    | 1    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **SP-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **SP-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 1    | 2    | 2    | 0    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 31    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 1    | 0    | 2    | 1    | 14    |
| **SP-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **SP-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 24    |
| **SP-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 28    |
| **SP-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 2    | 1    | 1    | 2    | 27    |
| **SP-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 0    | 1    | 2    | 23    |
| **SP-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 19    |
| **SP-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 20    |
| **SP-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 1    | 1    | 0    | 0    | 2    | 21    |

### C.6.3 Security assurance levels

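Review bot: the header and separator rows of this table (`| Security profile | NUSR | CUSR | DATA | SNDS | ...`) are left unchanged with 18 factor columns, while every replacement row now carries 19 values because the PPII value was inserted after DATA; the table will render misaligned, with every value from PPII onward shifted one column to the left. Add `| PPII ` after `| DATA ` in the header and one more `|------|` in the separator, mirroring the C.5 table above. The SP-* totals now match the UC-* totals row for row, which the previous revision did not (SP-OT-1 was 18 against UC-OT-1 at 19), so that part is an improvement.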
@@ -2318,20 +2317,20 @@ Security assurance levels are informed by but not determined by the risk factor
|------------------|------------------------------------------------------------------------|----------|------|
| **SP-LR**        | Operating system for learning and research                             | 0        | LOW  |
| **SP-IoT-1**     | Non-internet-connected device such as a bluetooth speaker              | 3        | LOW  |
| **SP-IoT-2**     | Internet-enabled power switch                                          | 12       | LOW  |
| **SP-IoT-3**     | Internet-connected "smart home" device                                 | 16       | MED  |
| **SP-OT-1**      | Consumer-grade home wireless router                                    | 19       | MED  |
| **SP-OT-2**      | Business-grade remote door locking system                              | 14       | MED  |
| **SP-MOB-1**     | Personal mobile device                                                 | 39       | HIGH |
| **SP-WE-1**      | Wearable health tracker                                                | 20       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 28       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 29       | MED  |
| **SP-LA-1**      | Personal laptop                                                        | 31       | HIGH |
| **SP-LA-2**      | Enterprise laptop                                                      | 31       | HIGH |
| **SP-PS-1**      | Personal server                                                        | 24       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 20       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 22       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 24       | MED  |
| **SP-IoT-2**     | Internet-enabled power switch                                          | 11       | LOW  |
| **SP-IoT-3**     | Internet-connected "smart home" device                                 | 14       | MED  |
| **SP-RO-1**      | Consumer-grade home wireless router                                    | 17       | MED  |
| **SP-OT-1**      | Business-grade remote door locking system                              | 12       | MED  |
| **SP-MOB-1**     | Personal mobile device                                                 | 31       | HIGH |
| **SP-WE-1**      | Wearable health tracker                                                | 14       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 25       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 24       | MED  |
| **SP-LA-1**      | Personal laptop                                                        | 28       | HIGH |
| **SP-LA-2**      | Enterprise laptop                                                      | 27       | HIGH |
| **SP-PS-1**      | Personal server                                                        | 23       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 19       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 20       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 21       | MED  |

# Annex D (informative): Risk evaluation guidance
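Review bot: with every factor capped at 2, the TOTAL range compresses from 0 to 39 down to 0 to 31, yet the LOW/MED/HIGH column has been kept by hand without a stated threshold: SP-OT-1 at 12 is MED while SP-IoT-2 at 11 is LOW, and SP-PC-1 at 25 is MED while SP-LA-2 at 27 is HIGH. The NOTE above the use case table says TOTAL is referenced by the assurance level assignments table in Annex C.7.3 Table 1, which is not touched by this commit; that table's thresholds need updating in the same change, and stating the boundaries here would keep this column from reading as arbitrary.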