Commit f2da9f6f authored by Valerie Aurora (Bow Shock)

Update SWMD risk factors

parent 582b6a72
+27 −27
@@ -2050,15 +2050,15 @@ Mitigations for Impact:
| **UC-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **UC-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **UC-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 0    | 0    | 2    | 1    | 13    |
| **UC-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **UC-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 1    | 2    | 25    |
| **UC-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 1    | 2    | 2    | 2    | 27    |
| **UC-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 1    | 2    | 1    | 2    | 27    |
| **UC-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 1    | 1    | 2    | 24    |
| **UC-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 1    | 1    | 0    | 2    | 21    |
| **UC-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **UC-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 1    | 0    | 2    | 24    |
| **UC-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 0    | 2    | 1    | 14    |
| **UC-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 2    | 26    |
| **UC-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 1    | 2    | 26    |
| **UC-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 28    |
| **UC-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 2    | 28    |
| **UC-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 25    |
| **UC-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **UC-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 23    |
| **UC-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 25    |

## C.6 Security profiles and security assurance levels

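Review bot: In the nine changed rows (UC-WE-1 through UC-SE-3) the twelfth score column rises by exactly one, yet UC-RO-1 and UC-OT-1 stay at 0 in that same column, and the commit message "Update SWMD risk factors" gives no reason for either. Please record, in the commit message or next to the table, why these nine use cases were rescored and whether leaving UC-RO-1 and UC-OT-1 at 0 is deliberate. The new totals do match the row sums.
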
@@ -2079,15 +2079,15 @@ Security profiles are associated with sets of risk factor levels. Each security
| **SP-RO-1**  | 0    | 0    | 1    | 0    | 1    | 2    | 2    | 0    | 2    | 0    | 0    | 0    | 0    | 2    | 2    | 2    | 1    | 2    | 17    |
| **SP-OT-1**  | 0    | 0    | 0    | 0    | 1    | 1    | 2    | 2    | 1    | 0    | 0    | 0    | 0    | 1    | 1    | 1    | 0    | 2    | 12    |
| **SP-MOB-1** | 1    | 1    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 31    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 0    | 0    | 1    | 0    | 0    | 2    | 1    | 13    |
| **SP-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 25    |
| **SP-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 1    | 1    | 2    | 1    | 2    | 1    | 2    | 25    |
| **SP-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 1    | 2    | 2    | 2    | 27    |
| **SP-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 1    | 2    | 2    | 1    | 2    | 1    | 2    | 27    |
| **SP-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 1    | 1    | 2    | 24    |
| **SP-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 1    | 1    | 0    | 2    | 21    |
| **SP-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **SP-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 1    | 1    | 2    | 2    | 1    | 0    | 2    | 24    |
| **SP-WE-1**  | 0    | 0    | 1    | 1    | 2    | 1    | 0    | 1    | 2    | 1    | 0    | 1    | 0    | 1    | 0    | 0    | 2    | 1    | 14    |
| **SP-PC-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 2    | 2    | 26    |
| **SP-PC-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 0    | 2    | 0    | 2    | 2    | 1    | 2    | 1    | 2    | 1    | 2    | 26    |
| **SP-LA-1**  | 1    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 2    | 2    | 28    |
| **SP-LA-2**  | 1    | 1    | 2    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 1    | 2    | 2    | 2    | 1    | 2    | 1    | 2    | 28    |
| **SP-PS-1**  | 2    | 2    | 2    | 0    | 2    | 2    | 1    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 1    | 2    | 25    |
| **SP-SE-1**  | 1    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 22    |
| **SP-SE-2**  | 2    | 1    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 1    | 1    | 0    | 2    | 23    |
| **SP-SE-3**  | 2    | 2    | 2    | 0    | 2    | 2    | 2    | 0    | 2    | 0    | 1    | 2    | 1    | 2    | 2    | 1    | 0    | 2    | 25    |

### C.6.3 Security assurance levels

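Review bot: The SP rows in this table repeat the UC rows of the previous table value for value (SP-WE-1 through SP-SE-3 carry the same eighteen scores and totals as UC-WE-1 through UC-SE-3), so every rescoring has to be applied twice by hand. Consider keeping the scores in one table and having the other refer to it, or add a check that the two tables and their totals agree, so a later update cannot leave them out of step.
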
@@ -2111,15 +2111,15 @@ Security assurance levels are informed by but not determined by the risk factor
| **SP-RO-1**      | Consumer-grade home wireless router                                    | 17       | MED  |
| **SP-OT-1**      | Business-grade remote door locking system                              | 12       | MED  |
| **SP-MOB-1**     | Personal mobile device                                                 | 31       | HIGH |
| **SP-WE-1**      | Wearable health tracker                                                | 13       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 25       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 25       | MED  |
| **SP-LA-1**      | Personal laptop                                                        | 27       | HIGH |
| **SP-LA-2**      | Enterprise laptop                                                      | 27       | HIGH |
| **SP-PS-1**      | Personal server                                                        | 24       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 21       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 22       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 24       | MED  |
| **SP-WE-1**      | Wearable health tracker                                                | 14       | MED  |
| **SP-PC-1**      | Personal computer in a fixed and generally safe location               | 26       | MED  |
| **SP-PC-2**      | Enterprise workstation in a fixed and generally safe location          | 26       | MED  |
| **SP-LA-1**      | Personal laptop                                                        | 28       | HIGH |
| **SP-LA-2**      | Enterprise laptop                                                      | 28       | HIGH |
| **SP-PS-1**      | Personal server                                                        | 25       | MED  |
| **SP-SE-1**      | Enterprise server in a datacenter with no user accounts                | 22       | MED  |
| **SP-SE-2**      | Enterprise server in a datacenter with only trusted user accounts      | 23       | MED  |
| **SP-SE-3**      | Enterprise server in a datacenter hosting many untrusted user accounts | 25       | MED  |

# Annex D (informative): Risk evaluation guidance
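
Review bot: All nine totals in the changed rows rise by one while every assurance level stays as it was, which leaves SP-PC-1 and SP-PC-2 at 26 MED, one point below the 27 at which SP-LA-1 and SP-LA-2 were already HIGH before this change. The context line in the hunk header says the levels are "informed by but not determined by" the risk factors, so this may be intended. Please confirm the levels were re-evaluated against the new totals and add a sentence explaining why 26 remains MED for the two PC profiles.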