EN-304-626.md +13 −13 Original line number Diff line number Diff line Loading @@ -2098,24 +2098,24 @@ Mitigations for Impact: Attacker may masquerade as an authorized server to get unauthorized access to product assets. | Risk factors | Likelihood | Security profiles | |--------------------|------------|-------------------| | NET = 0 or COM = 0 | Low | WD-1, VI-1 | | all others | Medium | WD-2, WD-3, WD-4 | | NET = 2 & COM = 2 | High | WL-2, WL-3, VI-2 | |----------------------|------------|----------------------------------------------------| | TNET = 0 or ADMN = 0 | Low | LR, IoT-1, | | all others | Medium | IoT-2, IoT-3, RO-1, OT-\*, WE-1, PC-2, LA-2, SE-\* | | TNET = 2 & ADMN = 2 | High | MOB-1, PC-1, LA-1 | | Risk factors | Impact | Security profiles | |---------------------------|--------|------------------------| | max(SNDS, SNDT, SENF) = 0 | Low | none | | max(SNDS, SNDT, SENF) = 1 | Medium | WD-1, WD-3, VI-1 | | max(SNDS, SNDT, SENF) = 2 | High | WD-2, WD-4, WL-\* VI-2 | |---------------------------------|--------|----------------------------------------------------------------------| | max(PPII, SNDS, SNDT, SENF) = 0 | Low | LR, IoT-1 | | max(PPII, SNDS, SNDT, SENF) = 1 | Medium | IoT-2, IoT-3 | | max(PPII, SNDS, SNDT, SENF) = 2 | High | WE-2, RO-1, IoT-3, WE-1, PC-\*, LA-1, PS-1, OT-1, MOB-1, LA-2, SE-\* | Requirements that mitigate this threat: CDTX, IDTX, AUTH, SCUD, LOGG Requirements that mitigate this threat: CDTX, CRYP, IDTX, AUTH, SCUD, LOGG Mitigations for Likelihood: * Medium to Low: AUTH, SUDC, (SUVP or SUAP or SUOE or SUAO), CDTX, IDTX * Medium to Low: AUTH, SUDC, (SUVP or SUAP or SUOE or SUAO), CDTX, CRYP, IDTX * High to Low: AUTH, SUDC, (SUAP or SUAO), CDTX, IDTX * High to Low: AUTH, SUDC, (SUAP or SUAO), CDTX, CRYP, IDTX Mitigations for Impact: Loading
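Review bot: IoT-3 is listed in both the Medium and the High row of the new Impact table (`| max(PPII, SNDS, SNDT, SENF) = 1 | Medium | IoT-2, IoT-3 |` and the High row starting `WE-2, RO-1, IoT-3, ...`), so the table no longer assigns that profile a single impact level; keep it in one row only. In the same hunk the new Low likelihood row ends with a stray comma (`LR, IoT-1,`), and WE-2 and PS-1 appear in the Impact table but in no Likelihood row, which should be confirmed as intended. The requirements line names SCUD while both mitigation lines name SUDC; since this change touches all three lines to add CRYP, it is a good moment to check whether one of the two spellings is a typo.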
TRs_and_MIs.txt +3 −3 Original line number Diff line number Diff line Loading @@ -60,9 +60,6 @@ MI-PLLC: Prevent linked list corruption MI-MRCO: Mitigate reference counter overflow MI-CFIN: Control flow integrity MI-MPMT: Memory protection using memory tagging MI-MDOC: Document transfer of risk of minimizing impact to operating environment MI-MNET: Minimize negative impact of network transmission MI-MAMP: Minimize negative impact of network traffic amplification MI-ADEF: Authorization required by default to access security-relevant assets MI-PDDI-1: Document how to protect access to debug/management interfaces MI-PDDI-2: Protect or disable local software access to debug/management interfaces Loading @@ -87,6 +84,9 @@ MI-DCST: Detect corruption of data stored MI-DCTX: Detect corruption of data transmitted by the product MI-DJST: Document and justify processed data MI-AVNT: Availability of network services MI-MDOC: Document transfer of risk of minimizing impact to operating environment MI-MNET: Minimize negative impact of network transmission MI-MAMP: Minimize negative impact of network traffic amplification MI-WDOG: Watchdog and self-initiated reset MI-FDRP: Fast packet drop MI-LMEM: Limit memory usage Loading
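Review bot: The move of MI-MDOC, MI-MNET and MI-MAMP from after MI-MPMT to after MI-AVNT is not mirrored elsewhere in this change: the only EN-304-626.md hunk shown is the threat table at line 2098. If the order of this list is meant to follow the order of the mitigation sections in EN-304-626.md, or anything reads the list by position, the same reordering is needed there; if the order is purely editorial, say so in the commit message. The three entries are textually unchanged, and the new position between MI-AVNT and MI-WDOG groups them with the availability mitigations rather than leaving them between the memory-safety entries and MI-ADEF.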