Version: 1, Published: 2024-02-06

Impacted Documents

CPP_HCD_V1.0

References

Appendix I.3 Threat Definitions

Issue Description

CEM v3.1r5 APE_SPD.1.2C requires that "All threats shall be described in terms of a threat agent, an asset, and an adverse action." The threat definitions in HCD cPP Section I.3 do not describe the following threats in terms of an asset (as defined in I.2):

  • T.TSF_FAILURE.

  • T.UNAUTHORIZED_UPDATE.

  • T.WEAK_CRYPTO.

Resolution

Update Threat Definitions.

cPP_HCD_V1.0

The cPP is updated as follows (yellow highlights for additions, strikethrough for deletions) per section that is being updated:

I.3 Threat Definitions

Threats are defined by a threat agent that performs an action resulting in an outcome that has the potential to violate TOE security policies.

Table 15. Threats

Designation Definition

T.UNAUTHORIZED_ACCESS

An attacker may access (read, modify, or delete) User Document Data or change (modify or delete) User Job Data in the TOE through one of the TOE’s interfaces or the physical Nonvolatile Storage component.

T.TSF_COMPROMISE

An attacker may gain Unauthorized Access to TSF Data in the TOE through one of the TOE’s interfaces or the physical Nonvolatile Storage component.

T.TSF_FAILURE

A malfunction of the TSF may compromise the device cause loss of security status if the TOE is permitted to operate.

T.UNAUTHORIZED_UPDATE

An attacker may cause the installation of install unauthorized firmware/software on the TOE to modify the Device security status.

T.NET_COMPROMISE

An attacker may access data in transit or otherwise compromise the security of the TOE by monitoring or manipulating network communication.

T.WEAK_CRYPTO

An attacker may exploit poorly chosen cryptographic algorithms, random bit generators, ciphers or key sizes to access (read, modify, or delete) TSF and User data.

Tracking