Update use case mapping for documentation of interfaces (9448ee94) · Commits · STAN4CRA / EN 304 626 Operating Systems

EN-304-626.md

+12 −7

Original line number	Diff line number	Diff line
		@@ -681,7 +681,7 @@ FIXME add the separate concept of users apart from accounts

		* CUSR-0: foreseeable use does not include end-users authenticating to the system
		* CUSR-1: foreseeable use is one authenticated end-user using the device at a time
		* CUSR-3: foreseeable use of the operating system is multiple authenticated users simultaneously active on the operating system who are trusted not to actively attempt to compromise the system
		* CUSR-2: foreseeable use of the operating system is multiple authenticated users simultaneously active on the operating system who are trusted not to actively attempt to compromise the system
		* CUSR-3: foreseeable use of the operating system is multiple authenticated untrusted users simultaneously active on the operating system

		#### 4.5.1.x Sensitivity of Data Stored
		@@ -1591,13 +1591,18 @@ All exposed interfaces on the product in any state that is part of its reasonabl
		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\|-----------------------------------------------------------------\|----------------------\|
		\| RT-High \| none \|
		\| PHYS < 1 & CUSR < 2 & UEIN < 1 & SWMD < 1 & TNET < 1 & FNET < 2 \| none \|
		\| any \| JSTY \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\|------------------\|----------------------\|
		\| RT-High \| none \|
		\| any \| JSTY \|

		> FIXME: When full use case risk factor and tolerances are available, update above table.

		### 5.2.X TR-SCDL: Secure deletion

		The product shall provide a method of deleting all data and settings and resetting the product to its secure-by-default configuration.