Commit d53fbdc6 authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)
Browse files

Update risk formula for UEVU

parent 04308b27

EN-304-626.md

+5 −5
Original line number Diff line number Diff line
@@ -1803,10 +1803,10 @@ For each threat, both likelihood and impact must be Low before the risk is consi 
Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets.



| Risk factors                          | Likelihood | Security profiles                            |

|-------------------------------------------------|------------|----------------------------------------------------|

| max(NUSR, CUSR, DATA, PHYS, FNET) = 0 or SA-LOW | Low        | LR, IoT-1                                          |

| all others                                      | Medium     | IoT-2, IoT-3, WE-1, RO-1, OT-1, PC-\*, PS-1, SE-\* |

| max(NUSR, CUSR, DATA, PHYS, FNET) = 2 & SA-HIGH | High       | MOB-1, LA-\*                                       |

|---------------------------------------|------------|----------------------------------------------|

| max(NUSR, CUSR, SENF, PHYS, FNET) = 0 | Low        | LR, IoT-1                                    |

| all others                            | Medium     | IoT-2, IoT-3, WE-1                           |

| max(NUSR, CUSR, SENF, PHYS, FNET) = 2 | High       | RO-1, OT-1, MOB-1, PC-\*, LA-\*, PS-1, SE-\* |



| Risk factors              | Impact | Security profiles                                  |

|---------------------------|--------|----------------------------------------------------|