TRs_and_MIs.txt 0 → 100644 +97 −0 Original line number Diff line number Diff line TRs Likelihood: TR-NKEV: No known exploitable vulnerabilities at first use TR-SSDD: Secure design and development TR-MISO: Prevent local unauthorized access of memory-addressable security-relevant data TR-MIME: Mitigate memory errors TR-LMII: Limit incident impact TR-MINI: Minimize impact on other devices and services TR-SDEF: Secure by default configuration TR-SCUD: Secure updates TR-AUTH: Authentication and access control TR-LMAS: Minimize exposed interfaces TR-SDTR: Secure data read and transfer TR-VULH: Vulnerability handling Impact TR-CDST: Confidentiality of data stored on the product TR-CDTX: Confidentiality of data transmitted by product TR-CRYP: Encryption TR-IDST: Integrity of data stored on the product TR-IDTX: Integrity of data transmitted by the product TR-DMIN: Data Minimization TR-AVAI: Availability TR-LOGG: Logging and monitoring TR-SCDL: Secure deletion Likelihood: MI-KEVD: Documentation for secure update before or during first use MI-KEVA: Automatic secure update before or during first use MI-KEVM: Documentation of mitigation of known exploitable vulnerabilities MI-KEVT: Testing for known exploitable vulnerabilities MI-SCAN: No easily scannable known exploitable vulnerabilities MI-SSCA: Static source code analysis for memory errors MI-FZ95: Runtime code coverage checking with memory access error detection MI-IMSL: Implement in a memory-safe language MI-BTIN: Boundary testing of inputs that may cause memory errors MI-SCFS: Secure compilation flags MI-MMAC: Memory access control MI-CCON: Prevent creation of more than one user account MI-UCON: Prevent concurrent user account usage MI-PMSC: Prevent memory leaks through microarchitectural side channels in provided executables MI-TRMD: Transfer risk of microarchitectural side channel data leaks to user MI-ASLR: Address Space Layout Randomization MI-MSAF-1: Stack exhaustion detection MI-MSAF-2: Stack linear buffer overflow 
detection MI-MSAF-3: Array bounds checking MI-MSAF-4: Heap linear buffer overflow detection MI-MSAF-5: Heap use-after-free access prevention MI-MSAF-6: Heap free checking MI-MZRO-1: Stack memory zeroing MI-MZRO-2: Heap memory zeroing MI-MRWX-1: Prevent writes to executable and read-only data memory MI-MRWX-2: Prevent execution of non-kernel code memory MI-NKAM: Prevent unintentional kernel access to userspace memory MI-PLLC: Prevent linked list corruption MI-MRCO: Mitigate reference counter overflow MI-CFIN: Control flow integrity MI-MPMT: Memory protection using memory tagging MI-MDOC: Document transfer of risk of minimizing impact to operating environment MI-MNET: Minimize negative impact of network transmission MI-MAMP: Minimize negative impact of network traffic amplification MI-ADEF: Authorization required by default to access security-relevant assets MI-PDDI-1: Document how to protect access to debug/management interfaces MI-PDDI-2: Protect or disable local software access to debug/management interfaces MI-PDDI-3: Protect or disable network access to debug/management interfaces MI-SCHL: Low security updates provided by operational environment MI-SCHM: Medium security updates provided by operational environment MI-SCHH: High security updates provided by operational environment MI-AUTH: Authentication and access control MI-JSTY: Document and justify exposed interfaces MI-SDRF: Secure data read from product MI-SNDTR: Secure data transfer to another product MI-VULH: Vulnerability handling Impact: MI-CDST: Protect confidentiality of data stored on the product MI-CDTX: Protect confidentiality of data transmitted by product MI-DOCC: Document transfer of risk of confidentiality of data transmitted by product MI-IDST: Protect integrity of data stored on the product MI-DCST: Detect corruption of data stored MI-DCTX: Detect corruption of data transmitted by the product MI-DJST: Document and justify processed data MI-AVNT: Availability of network services MI-WDOG: 
Watchdog and self-initiated reset MI-FDRP: Fast packet drop MI-LMEM: Limit memory usage MI-FAIR: Fair resource usage and prioritization MI-DOST: Document risk transfer to operational environment for denial of service MI-LOGG: Logging MI-RSET: Secure deletion via reset MI-INST: Secure deletion via reinstallation MI-DELE: Secure deletion via secure deletion function
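Review bot: The MI list starts at the second "Likelihood:" heading with no "MIs" heading to match the "TRs" heading at the top of the file, and the TR "Impact" heading lacks the colon that "Likelihood:" and the MI "Impact:" carry. Add an "MIs" line before MI-KEVD and write "Impact:" consistently so the four groups are unambiguous. MI-SNDTR is the only identifier with a five-letter code; every other entry, including its sibling MI-SDRF, uses four characters, so either shorten it or note the exception. The file also gives no mapping from MIs to TRs: a few pairs share a code (AUTH, VULH, LOGG, CDST, CDTX, IDST), but TR-CRYP, TR-DMIN, TR-AVAI, TR-SCDL and most Likelihood TRs have no same-named MI, so a reader cannot tell which mitigations satisfy which requirement. Consider listing the TR after each MI. Smaller wording points: MI-MDOC says "operating environment" where MI-SCHL, MI-SCHM, MI-SCHH and MI-DOST say "operational environment"; "transmitted by product" and "transmitted by the product" are both used; and "Data Minimization" is title case where the other entries are sentence case.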