Merge pull request #31 from Spyderisk/28-remove-current-and-future-ri…

…sk-control-strategies 28 remove current and future risk control strategies
Spyderisk · Aug 17, 2023 · 2d9cbb2 · 2d9cbb2
2 parents ecfc73c + 91f4326
commit 2d9cbb2
Show file tree

Hide file tree

Showing 18 changed files with 118 additions and 94 deletions.
diff --git a/csv/CASetting.csv b/csv/CASetting.csv
@@ -8,7 +8,6 @@ package#5G,domain#CAS-AntiMalware-BaseStation,domain#BaseStation,domain#AntiMalw
 package#5G,domain#CAS-BiometricIDVerifier-BaseStation,domain#BaseStation,domain#BiometricIDVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#5G,domain#CAS-ChipAndPINVerifier-BaseStation,domain#BaseStation,domain#ChipAndPINVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#5G,domain#CAS-ContinuousAuthN-BaseStation,domain#BaseStation,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
-package#5G,domain#CAS-CurrentRiskCalculation-BaseStation,domain#BaseStation,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#5G,domain#CAS-DeviceCertification-BaseStation,domain#BaseStation,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#5G,domain#CAS-DisabledHost-BaseStation,domain#BaseStation,domain#DisabledHost,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#5G,domain#CAS-DisableNetworkProvision-BaseStation,domain#BaseStation,domain#DisableNetworkProvision,TRUE,domain#TrustworthinessLevelSafe,TRUE
@@ -103,18 +102,6 @@ package#Application,domain#CAS-ContinuousAuthVerifier-TextEditor,domain#TextEdit
 package#Application,domain#CAS-ContinuousAuthVerifier-WebApp,domain#WebApp,domain#ContinuousAuthVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Application,domain#CAS-ContinuousAuthVerifier-WebBrowser,domain#WebBrowser,domain#ContinuousAuthVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Application,domain#CAS-ContinuousAuthVerifier-WebClient,domain#WebClient,domain#ContinuousAuthVerifier,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-ApplicationProcess,domain#ApplicationProcess,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-CmdLineProcess,domain#CmdLineProcess,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-DataService,domain#DataService,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-DB,domain#DB,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-DesktopService,domain#DesktopService,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-Editor,domain#Editor,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-EmailMX,domain#EmailMX,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-RemoteDesktop,domain#RemoteDesktop,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-TextEditor,domain#TextEditor,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-WebApp,domain#WebApp,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-WebBrowser,domain#WebBrowser,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Application,domain#CAS-CurrentRiskCalculation-WebClient,domain#WebClient,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Application,domain#CAS-DisabledProcess-ApplicationProcess,domain#ApplicationProcess,domain#DisabledProcess,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Application,domain#CAS-DisabledProcess-CmdLineProcess,domain#CmdLineProcess,domain#DisabledProcess,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Application,domain#CAS-DisabledProcess-DataService,domain#DataService,domain#DisabledProcess,TRUE,domain#TrustworthinessLevelSafe,TRUE
@@ -508,12 +495,6 @@ package#CloudManagement,domain#CAS-ContinuousAuthN-Pod,domain#Pod,domain#Continu
 package#CloudManagement,domain#CAS-ContinuousAuthN-Worker,domain#Worker,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#CloudManagement,domain#CAS-ContinuousAuthVerifier-APIServer,domain#APIServer,domain#ContinuousAuthVerifier,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#CloudManagement,domain#CAS-ContinuousAuthVerifier-Ingress,domain#Ingress,domain#ContinuousAuthVerifier,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-APIServer,domain#APIServer,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-Container,domain#Container,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-Ingress,domain#Ingress,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-Master,domain#Master,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-Pod,domain#Pod,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#CloudManagement,domain#CAS-CurrentRiskCalculation-Worker,domain#Worker,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#CloudManagement,domain#CAS-DeviceCertification-Container,domain#Container,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#CloudManagement,domain#CAS-DeviceCertification-Master,domain#Master,domain#DeviceCertification,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#CloudManagement,domain#CAS-DeviceCertification-Pod,domain#Pod,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
@@ -748,10 +729,6 @@ package#IoT,domain#CAS-ContinuousAuthN-Controller,domain#Controller,domain#Conti
 package#IoT,domain#CAS-ContinuousAuthN-Sensor,domain#Sensor,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#IoT,domain#CAS-ContinuousAuthVerifier-ControlProcess,domain#ControlProcess,domain#ContinuousAuthVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#IoT,domain#CAS-ContinuousAuthVerifier-SensorProcess,domain#SensorProcess,domain#ContinuousAuthVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
-package#IoT,domain#CAS-CurrentRiskCalculation-Controller,domain#Controller,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#IoT,domain#CAS-CurrentRiskCalculation-ControlProcess,domain#ControlProcess,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#IoT,domain#CAS-CurrentRiskCalculation-Sensor,domain#Sensor,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#IoT,domain#CAS-CurrentRiskCalculation-SensorProcess,domain#SensorProcess,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#IoT,domain#CAS-DeviceCertification-Controller,domain#Controller,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#IoT,domain#CAS-DeviceCertification-Sensor,domain#Sensor,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#IoT,domain#CAS-DisabledHost-Controller,domain#Controller,domain#DisabledHost,TRUE,domain#TrustworthinessLevelSafe,TRUE
@@ -1021,24 +998,6 @@ package#Network,domain#CAS-ContinuousAuthVerifier-LoginService,domain#LoginServi
 package#Network,domain#CAS-ContinuousAuthVerifier-RemoteTerminal,domain#RemoteTerminal,domain#ContinuousAuthVerifier,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Network,domain#CAS-ContinuousAuthVerifier-SMSClient,domain#SMSClient,domain#ContinuousAuthVerifier,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Network,domain#CAS-ContinuousOccupation-DataCentre,domain#DataCentre,domain#ContinuousOccupation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-AuthClient,domain#AuthClient,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-AuthService,domain#AuthService,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Cluster,domain#Cluster,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-CoreRouter,domain#CoreRouter,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-EmailClient,domain#EmailClient,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-EmailService,domain#EmailService,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-LoginService,domain#LoginService,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-MobileClient,domain#MobileClient,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Notebook,domain#Notebook,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-RemoteTerminal,domain#RemoteTerminal,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-RemovableMedia,domain#RemovableMedia,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Router,domain#Router,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Server,domain#Server,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Smartphone,domain#Smartphone,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Smartwatch,domain#Smartwatch,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-SMSClient,domain#SMSClient,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Tablet,domain#Tablet,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Network,domain#CAS-CurrentRiskCalculation-Workstation,domain#Workstation,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Network,domain#CAS-DeviceCertification-Cluster,domain#Cluster,domain#DeviceCertification,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Network,domain#CAS-DeviceCertification-CoreRouter,domain#CoreRouter,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Network,domain#CAS-DeviceCertification-MobileClient,domain#MobileClient,domain#DeviceCertification,FALSE,domain#TrustworthinessLevelSafe,TRUE
@@ -1672,7 +1631,6 @@ package#Privacy,domain#CAS-ConsentManagement-HealthData,domain#HealthData,domain
 package#Privacy,domain#CAS-ConsentManagement-SensitiveData,domain#SensitiveData,domain#ConsentManagement,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Privacy,domain#CAS-ConsentManagement-SpamData,domain#SpamData,domain#ConsentManagement,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Privacy,domain#CAS-ContinuousAuthN-HealthSensor,domain#HealthSensor,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
-package#Privacy,domain#CAS-CurrentRiskCalculation-HealthSensor,domain#HealthSensor,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Privacy,domain#CAS-DeviceCertification-HealthSensor,domain#HealthSensor,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Privacy,domain#CAS-DisabledHost-HealthSensor,domain#HealthSensor,domain#DisabledHost,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Privacy,domain#CAS-DisableNetworkProvision-HealthSensor,domain#HealthSensor,domain#DisableNetworkProvision,FALSE,domain#TrustworthinessLevelSafe,TRUE
@@ -1742,7 +1700,6 @@ package#ProcessComms,domain#CAS-AddressWhitelisting-ServiceChannel,domain#Servic
 package#ProcessComms,domain#CAS-ApplicationFW-ServiceProxy,domain#ServiceProxy,domain#ApplicationFW,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#ProcessComms,domain#CAS-AuthenticationLimits-ServiceProxy,domain#ServiceProxy,domain#AuthenticationLimits,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#ProcessComms,domain#CAS-ContinuousAuthVerifier-ServiceProxy,domain#ServiceProxy,domain#ContinuousAuthVerifier,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#ProcessComms,domain#CAS-CurrentRiskCalculation-ServiceProxy,domain#ServiceProxy,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#ProcessComms,domain#CAS-DisableClientAccess-ClientChannel,domain#ClientChannel,domain#DisableClientAccess,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#ProcessComms,domain#CAS-DisabledProcess-ServiceProxy,domain#ServiceProxy,domain#DisabledProcess,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#ProcessComms,domain#CAS-DisableServiceChannel-ServiceChannel,domain#ServiceChannel,domain#DisableServiceChannel,TRUE,domain#TrustworthinessLevelSafe,TRUE
@@ -1816,9 +1773,6 @@ package#Virtualisation,domain#CAS-Clustering-VCluster,domain#VCluster,domain#Clu
 package#Virtualisation,domain#CAS-ContinuousAuthN-VCluster,domain#VCluster,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Virtualisation,domain#CAS-ContinuousAuthN-VM,domain#VM,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Virtualisation,domain#CAS-ContinuousAuthN-VRouter,domain#VRouter,domain#ContinuousAuthN,FALSE,domain#TrustworthinessLevelSafe,TRUE
-package#Virtualisation,domain#CAS-CurrentRiskCalculation-VCluster,domain#VCluster,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Virtualisation,domain#CAS-CurrentRiskCalculation-VM,domain#VM,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
-package#Virtualisation,domain#CAS-CurrentRiskCalculation-VRouter,domain#VRouter,domain#CurrentRiskCalculation,TRUE,domain#TrustworthinessLevelSafe,TRUE
 package#Virtualisation,domain#CAS-DeviceCertification-VCluster,domain#VCluster,domain#DeviceCertification,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Virtualisation,domain#CAS-DeviceCertification-VM,domain#VM,domain#DeviceCertification,FALSE,domain#TrustworthinessLevelSafe,TRUE
 package#Virtualisation,domain#CAS-DeviceCertification-VRouter,domain#VRouter,domain#DeviceCertification,TRUE,domain#TrustworthinessLevelSafe,TRUE

diff --git a/csv/Control.csv b/csv/Control.csv
@@ -43,7 +43,6 @@ package#Network,domain#Clustering,Clustering,TRUE,"The host represents a class o
 package#Network,domain#ContinuousAuthN,ContinuousAuthN,TRUE,"The process captures usage characteristics, allowing the user identity to be verified by a suitable authentication service against a previously registered profile.",domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Network,domain#ContinuousAuthNID,ContinuousAuthNID,TRUE,The user has continuous authentication identification characteristics registered with a continuous authentication verification service in the system.,domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Network,domain#ContinuousAuthVerifier,ContinuousAuthVerifier,TRUE,The service has a means to verify the identity of a device user based on continuous authentication data sent by the device.,domain#CostVeryLow,domain#PerformanceImpactVeryLow
-package#Network,domain#CurrentRiskCalculation,CurrentRiskCalculation,TRUE,"The risk calculation is a current risk calculation. This control is used in a control strategy to disable threats that represent possible changes in asset status (like the discovery of vulnerabilities) over the long term, which should be ignored in a current risk calculation. This control strategy should not be used in future risk calculations. It is intended for use only by run-time services that need to invoke automated current risk calculations.",domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Network,domain#DeviceCertification,DeviceCertification,TRUE,The device has been independently tested and certified as secure to a suitable evaluation assurance level.,domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Network,domain#DisabledHost,DisabledHost,TRUE,"The host device has been disabled. This is not a contingency plan but a state reached after activation of a contingency plan. It should be selected in current risk calculations to determine the effect of disabling the host, or when runtime monitoring detects the host is not running.",domain#CostVeryLow,domain#PerformanceImpactVeryLow
 package#Network,domain#DisabledProcess,DisabledProcess,TRUE,"The process has been disabled. This is not a contingency plan but a state reached after activation of a contingency plan. It should be selected in current risk calculations to determine the effect of disabling the process, or when runtime monitoring detects the process is not running.",domain#CostVeryLow,domain#PerformanceImpactVeryLow

diff --git a/csv/ControlLocations.csv b/csv/ControlLocations.csv
@@ -48,8 +48,6 @@ package#Network,domain#Clustering,domain#ClusterHost
 package#Network,domain#ContinuousAuthN,domain#Host
 package#Network,domain#ContinuousAuthNID,domain#Human
 package#Network,domain#ContinuousAuthVerifier,domain#Process
-package#Network,domain#CurrentRiskCalculation,domain#Host
-package#Network,domain#CurrentRiskCalculation,domain#Process
 package#Network,domain#DeviceCertification,domain#Host
 package#Network,domain#DisabledHost,domain#Host
 package#Network,domain#DisabledProcess,domain#Process