|
|
|
CWRAF Vignette Details - Domain natl-defense
The MITRE Corporation Copyright © 2013
http://cwe.mitre.org/cwraf/
|
|
CWRAF version: 0.8.3 |
Date: April 3, 2013 |
Project Coordinator:
Bob Martin (MITRE)
|
Document Editor:
Steve Christey (MITRE)
|
CWRAF Vignettes - natl-defense
CWRAF Vignettes - natl-defense
Within the Common Weakness Risk Analysis
Framework (CWRAF), a vignette
provides a shareable, formalized way to define a particular
environment, the role that software plays within that environment, and
an organization's priorities with respect to software security. It
identifies essential resources and capabilities, as well as their
importance relative to security principles such as confidentiality,
integrity, and availability. For example, in an e-commerce context,
99.999% uptime may be a strong business requirement that drives the
interpretation of the severity of discovered weaknesses.
Vignettes allow CWSS to
support diverse audiences who may have different requirements for how
to prioritize weaknesses. CWSS scoring can occur within the context of a vignette.
This page currently contains details for 1 vignettes within
the "natl-defense" domain. These are illustrative only; the CWRAF
community will help to refine these and develop others. Feedback is
welcome.
|
Vignette Summary
Vignette Summary
Name | Description |
Weapon system sensor | Sensor for a weapons system that is connected to the Global Information Grid
(GIG). |
Vignette Details
Vignette Details
Vignette Definition: Weapon system sensor
Name | Weapon system sensor
| ID | weap-sensor
| Maturity | stub
| Domain | natl-defense
| Desc | Sensor for a weapons system that is connected to the Global Information Grid
(GIG).
| Archetypes | Embedded Device |
Business Value Context (BVC) | Integrity is essential to prevent reporting of false data and faulty
decision-making. Lack of availability could cause mission failure. Confidentiality
may be slightly less important.
| Notes |
| References | No references recorded.
|
Technical Impact Scorecard
Impact | Layer | Subscore | Notes
| Modify data | System | |
| Modify data | Application | |
| Modify data | Network | |
| Modify data | Enterprise | |
| Read data | System | |
| Read data | Application | |
| Read data | Network | |
| Read data | Enterprise | |
| DoS: unreliable execution | System | |
| DoS: unreliable execution | Application | |
| DoS: unreliable execution | Network | |
| DoS: unreliable execution | Enterprise | |
| DoS: resource consumption | System | |
| DoS: resource consumption | Application | |
| DoS: resource consumption | Network | |
| DoS: resource consumption | Enterprise | |
| Execute unauthorized code or commands | System | |
| Execute unauthorized code or commands | Application | |
| Execute unauthorized code or commands | Network | |
| Execute unauthorized code or commands | Enterprise | |
| Gain privileges / assume identity | System | |
| Gain privileges / assume identity | Application | |
| Gain privileges / assume identity | Network | |
| Gain privileges / assume identity | Enterprise | |
| Bypass protection mechanism | System | |
| Bypass protection mechanism | Application | |
| Bypass protection mechanism | Network | |
| Bypass protection mechanism | Enterprise | |
| Hide activities | System | |
| Hide activities | Application | |
| Hide activities | Network | |
| Hide activities | Enterprise | |
|
More information is available — Please edit the custom filter or select a different filter.
|