|
|
|
CWRAF - Technology Groups
The MITRE Corporation Copyright © 2013
http://cwe.mitre.org/cwraf/
|
|
CWRAF version: 0.8.3 |
Date: April 3, 2013 |
Project Coordinator:
Bob Martin (MITRE)
|
Document Editor:
Steve Christey (MITRE)
|
CWRAF - Technology Groups
CWRAF - Technology Groups
Following is a list of the technology groups that are used in CWRAF.
|
Group | Details |
Web Applications |
Web-based applications, clients, servers, etc.
Archetypes:
- Web application
- Web browser
- Web browser plugin
- Web client
- Web server
- Web proxy
- J2EE and supporting frameworks
|
Real-Time Embedded Systems |
Real-time embedded systems.
Archetypes:
- Programmable Logic Controller (PLC)
- Embedded Device
- Proprietary Firmware
|
Control Systems |
Control systems including Industrial Control Systems (ICS) and process control
systems. Including but not necessarily limited to supervisory control and data
acquisition (SCADA), programmable logic controller (PLC), distributed control system
(DCS), Remote Terminal Units (RTU). Controllers for physical systems that operate in
a chemical plant or other critical infrastructure, e.g. electric, chemical, or
hydro.
Potential consequences of successful attack could include blocked/delayed flow of
information; unauthorized changes to commands/alarms to damage/shut-down equipment,
affect environment, or endanger human life; send inaccurate information to system
operators to hide unauthorized changes or cause the operators to initiate
inappropriate actions; modify ICS software or configuration settings, or install
malware; interfere with operation of safety systems, possibly endangering human
life.
According to an INL-NSTB report, confidentiality is less important than
integrity, which is less important than availability. Distinctions could be made
between sensor data and administrative information.
Archetypes:
- Distributed Control System (DCS)
- SCADA
- Process Control Systems
- Programmable Logic Controller (PLC)
- Remote Terminal Unit (RTU)
|
End-Point Computing Devices |
Devices used for mobile computing and the mobile workforce.
Archetypes:
|
Database & Storage Systems |
Technologies for storing and retrieving data.
Archetypes:
- Database
- Removable Storage Media
|
Operating Systems |
Operating systems, typically consisting of a kernel, administrative utilities, and
general-purpose applications.
Archetypes:
- General-purpose OS
- Virtualized OS
|
Identity Management Systems |
Device authentication, privacy management, PKI, digital certificates, etc.
Archetypes:
- PKI
- Digital certificate
- Privacy management
|
Enterprise Systems & Applications |
Applications that are typically deployed across an enterprise, such as desktop
applications and servers.
Archetypes:
- Database
- Document Processing
- General-purpose OS
- Virtualized OS
- Anti-Virus Program
- VPN
- Firewall
|
Cloud Computing |
Virtualized and Cloud environments, where applications compete for shared, dynamic
infrastructure resources. Consumers obtain services remotely, instead of integrating
them within internal networks.
Archetypes:
- Infrastructure as a Service (IaaS)
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS)
- Virtualized OS
|
Enterprise Security Products |
Products that help the enterprise protect, detect, and react to intrusions or
potential intrusions.
Archetypes:
- Anti-Virus Program
- VPN
- Firewall
|
Network Communications |
Products for creating and maintaining communications across a network.
Archetypes:
- Internet Communications
- Modem Communications
- Wireless Communications
- Router
- VPN
- Firewall
|
More information is available — Please edit the custom filter or select a different filter.
|