Date: May 6, 2024, 8:37:29 AM
Date: Aug 3, 2022, 11:34:34 AM
Editor: Juan
Name:
Name: Internet of Things - IoT [EN]
Description:
Description: Object composed by the assets that are on a classical architecture of an IoT
t | 1 | {} | t | 1 | { |
2 | "object": { | ||||
3 | "asset": { | ||||
4 | "amvs": [], | ||||
5 | "asset": { | ||||
6 | "code": "CONT", | ||||
7 | "description": "Asset container", | ||||
8 | "label": "Container", | ||||
9 | "language": "EN", | ||||
10 | "type": "Primary", | ||||
11 | "uuid": "d2023c8f-44d1-11e9-a78c-0800277f0571", | ||||
12 | "version": 0 | ||||
13 | }, | ||||
14 | "measures": [], | ||||
15 | "threats": [], | ||||
16 | "vuls": [] | ||||
17 | }, | ||||
18 | "children": [ | ||||
19 | { | ||||
20 | "asset": { | ||||
21 | "amvs": [ | ||||
22 | { | ||||
23 | "asset": "4447ebac-6831-4617-a653-4aedfe235faf", | ||||
24 | "threat": "b402d5f5-4576-11e9-9173-0800277f0571", | ||||
25 | "uuid": "26c8f378-14a7-4dda-885e-4e371ce0ed99", | ||||
26 | "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
27 | } | ||||
28 | ], | ||||
29 | "asset": { | ||||
30 | "code": "OV_IOT_ACTUATORS", | ||||
31 | "description": "", | ||||
32 | "label": "IoT - Actuators", | ||||
33 | "language": "EN", | ||||
34 | "type": "Secondary", | ||||
35 | "uuid": "4447ebac-6831-4617-a653-4aedfe235faf", | ||||
36 | "version": 0 | ||||
37 | }, | ||||
38 | "measures": [], | ||||
39 | "threats": [ | ||||
40 | { | ||||
41 | "a": false, | ||||
42 | "c": false, | ||||
43 | "code": "MDA18", | ||||
44 | "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", | ||||
45 | "i": true, | ||||
46 | "label": "Data from untrustworthy sources", | ||||
47 | "language": "EN", | ||||
48 | "theme": "Compromise of information", | ||||
49 | "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" | ||||
50 | } | ||||
51 | ], | ||||
52 | "vuls": [ | ||||
53 | { | ||||
54 | "code": "1094", | ||||
55 | "description": "", | ||||
56 | "label": "The system allows information to be sent and received without authentication of the senders or recipients", | ||||
57 | "language": "EN", | ||||
58 | "mode": 0, | ||||
59 | "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
60 | } | ||||
61 | ] | ||||
62 | }, | ||||
63 | "children": [], | ||||
64 | "object": { | ||||
65 | "label": "Actuator", | ||||
66 | "language": "EN", | ||||
67 | "name": "Actuator", | ||||
68 | "scope": "local", | ||||
69 | "uuid": "5581f4e4-75ea-4fe0-ac43-a4d8311ab6bf", | ||||
70 | "version": 0 | ||||
71 | }, | ||||
72 | "rolfRisks": [], | ||||
73 | "rolfTags": [] | ||||
74 | }, | ||||
75 | { | ||||
76 | "asset": { | ||||
77 | "amvs": [ | ||||
78 | { | ||||
79 | "asset": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", | ||||
80 | "threat": "b402d5af-4576-11e9-9173-0800277f0571", | ||||
81 | "uuid": "d1140297-6b68-4ccf-9716-665c0b3d4306", | ||||
82 | "vulnerability": "69fc0555-4591-11e9-9173-0800277f0571" | ||||
83 | } | ||||
84 | ], | ||||
85 | "asset": { | ||||
86 | "code": "OV_IOT_DEVICE", | ||||
87 | "description": "", | ||||
88 | "label": "IoT - Physical part of the IoT", | ||||
89 | "language": "EN", | ||||
90 | "type": "Secondary", | ||||
91 | "uuid": "fcea8308-cdd4-4207-a324-ed3f2c6800ff", | ||||
92 | "version": 0 | ||||
93 | }, | ||||
94 | "measures": [], | ||||
95 | "threats": [ | ||||
96 | { | ||||
97 | "a": true, | ||||
98 | "c": true, | ||||
99 | "code": "MD36", | ||||
100 | "description": "Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.", | ||||
101 | "i": false, | ||||
102 | "label": "Theft or destruction of media, documents or equipment", | ||||
103 | "language": "EN", | ||||
104 | "theme": "Compromise of information", | ||||
105 | "uuid": "b402d5af-4576-11e9-9173-0800277f0571" | ||||
106 | } | ||||
107 | ], | ||||
108 | "vuls": [ | ||||
109 | { | ||||
110 | "code": "1183", | ||||
111 | "description": "Can unauthorised persons access information without physical barriers?Is it easy to access? Are the premises public? Is there a passage or corridor nearby?", | ||||
112 | "label": "Persons without a service reason can gain access", | ||||
113 | "language": "EN", | ||||
114 | "mode": 0, | ||||
115 | "uuid": "69fc0555-4591-11e9-9173-0800277f0571" | ||||
116 | } | ||||
117 | ] | ||||
118 | }, | ||||
119 | "children": [], | ||||
120 | "object": { | ||||
121 | "label": "Device", | ||||
122 | "language": "EN", | ||||
123 | "name": "Device", | ||||
124 | "scope": "local", | ||||
125 | "uuid": "59617857-43b1-4660-b571-3f75fa22a1ae", | ||||
126 | "version": 0 | ||||
127 | }, | ||||
128 | "rolfRisks": [], | ||||
129 | "rolfTags": [] | ||||
130 | }, | ||||
131 | { | ||||
132 | "asset": { | ||||
133 | "amvs": [ | ||||
134 | { | ||||
135 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
136 | "threat": "b402d513-4576-11e9-9173-0800277f0571", | ||||
137 | "uuid": "7f9fb547-4f02-11e9-b3ea-0800277f0571", | ||||
138 | "vulnerability": "69fc04ed-4591-11e9-9173-0800277f0571" | ||||
139 | }, | ||||
140 | { | ||||
141 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
142 | "threat": "b402d5ea-4576-11e9-9173-0800277f0571", | ||||
143 | "uuid": "7f9fb55e-4f02-11e9-b3ea-0800277f0571", | ||||
144 | "vulnerability": "69fc0627-4591-11e9-9173-0800277f0571" | ||||
145 | }, | ||||
146 | { | ||||
147 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
148 | "threat": "b402d513-4576-11e9-9173-0800277f0571", | ||||
149 | "uuid": "7f9fb58d-4f02-11e9-b3ea-0800277f0571", | ||||
150 | "vulnerability": "69fc05b4-4591-11e9-9173-0800277f0571" | ||||
151 | }, | ||||
152 | { | ||||
153 | "asset": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
154 | "threat": "b402d5d5-4576-11e9-9173-0800277f0571", | ||||
155 | "uuid": "d2522441-1a7b-456f-8b4b-8f2d6b586632", | ||||
156 | "vulnerability": "69fc051f-4591-11e9-9173-0800277f0571" | ||||
157 | } | ||||
158 | ], | ||||
159 | "asset": { | ||||
160 | "code": "OV_MAINTENANCE", | ||||
161 | "description": "Software maintenance", | ||||
162 | "label": "Software maintenance", | ||||
163 | "language": "EN", | ||||
164 | "type": "Secondary", | ||||
165 | "uuid": "d2023de2-44d1-11e9-a78c-0800277f0571", | ||||
166 | "version": 0 | ||||
167 | }, | ||||
168 | "measures": [], | ||||
169 | "threats": [ | ||||
170 | { | ||||
171 | "a": true, | ||||
172 | "c": false, | ||||
173 | "code": "MA15", | ||||
174 | "description": "Design error, installation error or operating error committed during modification causing incorrect execution.", | ||||
175 | "i": true, | ||||
176 | "label": "Software malfunction", | ||||
177 | "language": "EN", | ||||
178 | "theme": "Technical failures", | ||||
179 | "uuid": "b402d513-4576-11e9-9173-0800277f0571" | ||||
180 | }, | ||||
181 | { | ||||
182 | "a": true, | ||||
183 | "c": true, | ||||
184 | "code": "MDA17", | ||||
185 | "description": "Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.", | ||||
186 | "i": true, | ||||
187 | "label": "Abuse of rights", | ||||
188 | "language": "EN", | ||||
189 | "theme": "Compromise of functions", | ||||
190 | "uuid": "b402d5ea-4576-11e9-9173-0800277f0571" | ||||
191 | }, | ||||
192 | { | ||||
193 | "a": true, | ||||
194 | "c": true, | ||||
195 | "code": "MDA13", | ||||
196 | "description": "Unwanted software that is doing operations seeking to harm the company.", | ||||
197 | "i": true, | ||||
198 | "label": "Malware infection", | ||||
199 | "language": "EN", | ||||
200 | "theme": "Compromise of information", | ||||
201 | "uuid": "b402d5d5-4576-11e9-9173-0800277f0571" | ||||
202 | } | ||||
203 | ], | ||||
204 | "vuls": [ | ||||
205 | { | ||||
206 | "code": "1172", | ||||
207 | "description": "Are there formal contractual agreements with the main third parties?Are there intervention rules? People's names? Timeframes?", | ||||
208 | "label": "No SLAs with third parties (internal or external)", | ||||
209 | "language": "EN", | ||||
210 | "mode": 0, | ||||
211 | "uuid": "69fc04ed-4591-11e9-9173-0800277f0571" | ||||
212 | }, | ||||
213 | { | ||||
214 | "code": "1224", | ||||
215 | "description": "Link permanently maintainedUnencrypted exchangesNo record", | ||||
216 | "label": "The supplier does not manage remote maintenance properly", | ||||
217 | "language": "EN", | ||||
218 | "mode": 0, | ||||
219 | "uuid": "69fc0627-4591-11e9-9173-0800277f0571" | ||||
220 | }, | ||||
221 | { | ||||
222 | "code": "1213", | ||||
223 | "description": "Is change management for software or the IT system correct?Is there planning for changes? Cost estimates? Tests before production begins?", | ||||
224 | "label": "Problems in change management or software maintenance", | ||||
225 | "language": "EN", | ||||
226 | "mode": 0, | ||||
227 | "uuid": "69fc05b4-4591-11e9-9173-0800277f0571" | ||||
228 | }, | ||||
229 | { | ||||
230 | "code": "1178", | ||||
231 | "description": "Is there a procedure? Is it formal?How frequently is it implemented? Who is in charge?Are tests performed? Before? After?", | ||||
232 | "label": "Update management (patches) is flawed", | ||||
233 | "language": "EN", | ||||
234 | "mode": 0, | ||||
235 | "uuid": "69fc051f-4591-11e9-9173-0800277f0571" | ||||
236 | } | ||||
237 | ] | ||||
238 | }, | ||||
239 | "children": [], | ||||
240 | "object": { | ||||
241 | "label": "Operating system", | ||||
242 | "language": "EN", | ||||
243 | "name": "Operating system", | ||||
244 | "scope": "local", | ||||
245 | "uuid": "4b31e8dd-24d8-4780-aa62-d5f4fff53760", | ||||
246 | "version": 0 | ||||
247 | }, | ||||
248 | "rolfRisks": [], | ||||
249 | "rolfTags": [] | ||||
250 | }, | ||||
251 | { | ||||
252 | "asset": { | ||||
253 | "amvs": [ | ||||
254 | { | ||||
255 | "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
256 | "threat": "b402d5df-4576-11e9-9173-0800277f0571", | ||||
257 | "uuid": "02c8ec95-756a-447b-916b-312b29c2e43c", | ||||
258 | "vulnerability": "69fc0101-4591-11e9-9173-0800277f0571" | ||||
259 | }, | ||||
260 | { | ||||
261 | "asset": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
262 | "threat": "b402d557-4576-11e9-9173-0800277f0571", | ||||
263 | "uuid": "4896c568-6eb2-4454-9d80-bad8f8106a0f", | ||||
264 | "vulnerability": "69fc0952-4591-11e9-9173-0800277f0571" | ||||
265 | } | ||||
266 | ], | ||||
267 | "asset": { | ||||
268 | "code": "OV_IOT_NETWORK_INTERFACE", | ||||
269 | "description": "IoT - Network interface", | ||||
270 | "label": "IoT - Interface réseau", | ||||
271 | "language": "EN", | ||||
272 | "type": "Secondary", | ||||
273 | "uuid": "7b8a1bca-0172-43e5-89e6-590c6a7d76af", | ||||
274 | "version": 0 | ||||
275 | }, | ||||
276 | "measures": [], | ||||
277 | "threats": [ | ||||
278 | { | ||||
279 | "a": true, | ||||
280 | "c": false, | ||||
281 | "code": "MDA16", | ||||
282 | "description": "A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.", | ||||
283 | "i": false, | ||||
284 | "label": "Saturation of the information system", | ||||
285 | "language": "EN", | ||||
286 | "theme": "Technical failures", | ||||
287 | "uuid": "b402d5df-4576-11e9-9173-0800277f0571" | ||||
288 | }, | ||||
289 | { | ||||
290 | "a": false, | ||||
291 | "c": true, | ||||
292 | "code": "MD15", | ||||
293 | "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", | ||||
294 | "i": false, | ||||
295 | "label": "Eavesdropping", | ||||
296 | "language": "EN", | ||||
297 | "theme": "Compromise of functions", | ||||
298 | "uuid": "b402d557-4576-11e9-9173-0800277f0571" | ||||
299 | } | ||||
300 | ], | ||||
301 | "vuls": [ | ||||
302 | { | ||||
303 | "code": "1070", | ||||
304 | "description": "", | ||||
305 | "label": "Incorrect sizing of resources (e.g. too many users for the number of connections possible and the passband)", | ||||
306 | "language": "EN", | ||||
307 | "mode": 0, | ||||
308 | "uuid": "69fc0101-4591-11e9-9173-0800277f0571" | ||||
309 | }, | ||||
310 | { | ||||
311 | "code": "210", | ||||
312 | "description": "", | ||||
313 | "label": "Equipment with a communication interface that can be eavesdropped (infrared, 802.11, Bluetooth, etc.)", | ||||
314 | "language": "EN", | ||||
315 | "mode": 0, | ||||
316 | "uuid": "69fc0952-4591-11e9-9173-0800277f0571" | ||||
317 | } | ||||
318 | ] | ||||
319 | }, | ||||
320 | "children": [], | ||||
321 | "object": { | ||||
322 | "label": "Communication interface", | ||||
323 | "language": "EN", | ||||
324 | "name": "Communication interface", | ||||
325 | "scope": "local", | ||||
326 | "uuid": "926e6d32-9bca-4675-b817-b572f5947072", | ||||
327 | "version": 0 | ||||
328 | }, | ||||
329 | "rolfRisks": [], | ||||
330 | "rolfTags": [] | ||||
331 | }, | ||||
332 | { | ||||
333 | "asset": { | ||||
334 | "amvs": [ | ||||
335 | { | ||||
336 | "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
337 | "threat": "b402d5c9-4576-11e9-9173-0800277f0571", | ||||
338 | "uuid": "5cf11c67-0843-4dec-bb0e-c649d97a2bc4", | ||||
339 | "vulnerability": "69fc057e-4591-11e9-9173-0800277f0571" | ||||
340 | }, | ||||
341 | { | ||||
342 | "asset": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
343 | "threat": "b402d620-4576-11e9-9173-0800277f0571", | ||||
344 | "uuid": "a162b328-c313-4464-80ba-f1db359d7655", | ||||
345 | "vulnerability": "69fc0f0d-4591-11e9-9173-0800277f0571" | ||||
346 | } | ||||
347 | ], | ||||
348 | "asset": { | ||||
349 | "code": "OV_IOT_STORAGE_LOCAL", | ||||
350 | "description": "", | ||||
351 | "label": "IoT - Local Storage", | ||||
352 | "language": "EN", | ||||
353 | "type": "Secondary", | ||||
354 | "uuid": "bc411cb6-d2fc-4e0c-8ed1-e5259e213e9b", | ||||
355 | "version": 0 | ||||
356 | }, | ||||
357 | "measures": [], | ||||
358 | "threats": [ | ||||
359 | { | ||||
360 | "a": false, | ||||
361 | "c": true, | ||||
362 | "code": "MDA12", | ||||
363 | "description": "Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.", | ||||
364 | "i": false, | ||||
365 | "label": "Retrieval of recycled or discarded media", | ||||
366 | "language": "EN", | ||||
367 | "theme": "Compromise of information", | ||||
368 | "uuid": "b402d5c9-4576-11e9-9173-0800277f0571" | ||||
369 | }, | ||||
370 | { | ||||
371 | "a": true, | ||||
372 | "c": false, | ||||
373 | "code": "MDA29", | ||||
374 | "description": "Event causing destruction of equipment or media.", | ||||
375 | "i": false, | ||||
376 | "label": "Destruction of equipment or supports", | ||||
377 | "language": "EN", | ||||
378 | "theme": "Physical damage", | ||||
379 | "uuid": "b402d620-4576-11e9-9173-0800277f0571" | ||||
380 | } | ||||
381 | ], | ||||
382 | "vuls": [ | ||||
383 | { | ||||
384 | "code": "1191", | ||||
385 | "description": "Is there a formal procedure?Is it followed?Is the disposal line correct?", | ||||
386 | "label": "Disposal is not carried out properly", | ||||
387 | "language": "EN", | ||||
388 | "mode": 0, | ||||
389 | "uuid": "69fc057e-4591-11e9-9173-0800277f0571" | ||||
390 | }, | ||||
391 | { | ||||
392 | "code": "283", | ||||
393 | "description": "", | ||||
394 | "label": "No back-up of data contained on the media", | ||||
395 | "language": "EN", | ||||
396 | "mode": 0, | ||||
397 | "uuid": "69fc0f0d-4591-11e9-9173-0800277f0571" | ||||
398 | } | ||||
399 | ] | ||||
400 | }, | ||||
401 | "children": [], | ||||
402 | "object": { | ||||
403 | "label": "Local storage", | ||||
404 | "language": "EN", | ||||
405 | "name": "Local storage", | ||||
406 | "scope": "local", | ||||
407 | "uuid": "7da319ff-851c-414f-bb76-50cfc48254b5", | ||||
408 | "version": 0 | ||||
409 | }, | ||||
410 | "rolfRisks": [], | ||||
411 | "rolfTags": [] | ||||
412 | }, | ||||
413 | { | ||||
414 | "asset": { | ||||
415 | "amvs": [ | ||||
416 | { | ||||
417 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
418 | "threat": "b402d4e0-4576-11e9-9173-0800277f0571", | ||||
419 | "uuid": "1631becd-9756-46f3-b23d-a3d93bac3fab", | ||||
420 | "vulnerability": "69fc0515-4591-11e9-9173-0800277f0571" | ||||
421 | }, | ||||
422 | { | ||||
423 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
424 | "threat": "b402d600-4576-11e9-9173-0800277f0571", | ||||
425 | "uuid": "7f9fb735-4f02-11e9-b3ea-0800277f0571", | ||||
426 | "vulnerability": "69fc04e2-4591-11e9-9173-0800277f0571" | ||||
427 | }, | ||||
428 | { | ||||
429 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
430 | "threat": "b402d530-4576-11e9-9173-0800277f0571", | ||||
431 | "uuid": "7f9fb74c-4f02-11e9-b3ea-0800277f0571", | ||||
432 | "vulnerability": "69fc04c4-4591-11e9-9173-0800277f0571" | ||||
433 | }, | ||||
434 | { | ||||
435 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
436 | "threat": "b402d530-4576-11e9-9173-0800277f0571", | ||||
437 | "uuid": "7f9fb763-4f02-11e9-b3ea-0800277f0571", | ||||
438 | "vulnerability": "69fc04d1-4591-11e9-9173-0800277f0571" | ||||
439 | }, | ||||
440 | { | ||||
441 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
442 | "threat": "b402d600-4576-11e9-9173-0800277f0571", | ||||
443 | "uuid": "7f9fb77a-4f02-11e9-b3ea-0800277f0571", | ||||
444 | "vulnerability": "69fc061d-4591-11e9-9173-0800277f0571" | ||||
445 | }, | ||||
446 | { | ||||
447 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
448 | "threat": "b402d58f-4576-11e9-9173-0800277f0571", | ||||
449 | "uuid": "7f9fb7a9-4f02-11e9-b3ea-0800277f0571", | ||||
450 | "vulnerability": "69fc1924-4591-11e9-9173-0800277f0571" | ||||
451 | }, | ||||
452 | { | ||||
453 | "asset": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
454 | "threat": "b402d557-4576-11e9-9173-0800277f0571", | ||||
455 | "uuid": "7f9fb7ca-4f02-11e9-b3ea-0800277f0571", | ||||
456 | "vulnerability": "69fc0560-4591-11e9-9173-0800277f0571" | ||||
457 | } | ||||
458 | ], | ||||
459 | "asset": { | ||||
460 | "code": "OV_LOGICIEL", | ||||
461 | "description": "Business application", | ||||
462 | "label": "Software", | ||||
463 | "language": "EN", | ||||
464 | "type": "Secondary", | ||||
465 | "uuid": "d2023dd3-44d1-11e9-a78c-0800277f0571", | ||||
466 | "version": 0 | ||||
467 | }, | ||||
468 | "measures": [], | ||||
469 | "threats": [ | ||||
470 | { | ||||
471 | "a": true, | ||||
472 | "c": true, | ||||
473 | "code": "MA11", | ||||
474 | "description": "A person commits an operating error, input error or utilisation error on hardware or software.", | ||||
475 | "i": true, | ||||
476 | "label": "Error in use", | ||||
477 | "language": "EN", | ||||
478 | "theme": "Compromise of functions", | ||||
479 | "uuid": "b402d4e0-4576-11e9-9173-0800277f0571" | ||||
480 | }, | ||||
481 | { | ||||
482 | "a": false, | ||||
483 | "c": true, | ||||
484 | "code": "MDA20", | ||||
485 | "description": "Person who voluntarily or negligently disclosure information.", | ||||
486 | "i": false, | ||||
487 | "label": "Disclosure", | ||||
488 | "language": "EN", | ||||
489 | "theme": "Compromise of information", | ||||
490 | "uuid": "b402d600-4576-11e9-9173-0800277f0571" | ||||
491 | }, | ||||
492 | { | ||||
493 | "a": true, | ||||
494 | "c": true, | ||||
495 | "code": "MD14", | ||||
496 | "description": "A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.", | ||||
497 | "i": true, | ||||
498 | "label": "Forging of rights", | ||||
499 | "language": "EN", | ||||
500 | "theme": "Compromise of functions", | ||||
501 | "uuid": "b402d530-4576-11e9-9173-0800277f0571" | ||||
502 | }, | ||||
503 | { | ||||
504 | "a": false, | ||||
505 | "c": false, | ||||
506 | "code": "MD24", | ||||
507 | "description": "A person or entity denies being involved in an exchange with a third party or carrying out an operation.", | ||||
508 | "i": true, | ||||
509 | "label": "Denial of actions", | ||||
510 | "language": "EN", | ||||
511 | "theme": "Compromise of functions", | ||||
512 | "uuid": "b402d58f-4576-11e9-9173-0800277f0571" | ||||
513 | }, | ||||
514 | { | ||||
515 | "a": false, | ||||
516 | "c": true, | ||||
517 | "code": "MD15", | ||||
518 | "description": "Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.", | ||||
519 | "i": false, | ||||
520 | "label": "Eavesdropping", | ||||
521 | "language": "EN", | ||||
522 | "theme": "Compromise of functions", | ||||
523 | "uuid": "b402d557-4576-11e9-9173-0800277f0571" | ||||
524 | } | ||||
525 | ], | ||||
526 | "vuls": [ | ||||
527 | { | ||||
528 | "code": "1177", | ||||
529 | "description": "Does the software's design cause users problems?Is it complicated to understand or use?Does training or adaptation take a long time? Are there any known errors?", | ||||
530 | "label": "Tools or programs are not adapted for use or are not ergonomic", | ||||
531 | "language": "EN", | ||||
532 | "mode": 0, | ||||
533 | "uuid": "69fc0515-4591-11e9-9173-0800277f0571" | ||||
534 | }, | ||||
535 | { | ||||
536 | "code": "1168", | ||||
537 | "description": "Are all authorisations granted in compliance with this principle?", | ||||
538 | "label": "The need-to-know principle is not respected", | ||||
539 | "language": "EN", | ||||
540 | "mode": 0, | ||||
541 | "uuid": "69fc04e2-4591-11e9-9173-0800277f0571" | ||||
542 | }, | ||||
543 | { | ||||
544 | "code": "1166", | ||||
545 | "description": "Is there a formal procedure?Who authorises access?Is the four-eyes principle followed?", | ||||
546 | "label": "Authorisation management is flawed", | ||||
547 | "language": "EN", | ||||
548 | "mode": 0, | ||||
549 | "uuid": "69fc04c4-4591-11e9-9173-0800277f0571" | ||||
550 | }, | ||||
551 | { | ||||
552 | "code": "1167", | ||||
553 | "description": "Is there a password policy?Are there good practices (length, complexity, change, etc.)?Is there one account per person?Are there shared accounts?", | ||||
554 | "label": "User authentication is not ensured", | ||||
555 | "language": "EN", | ||||
556 | "mode": 0, | ||||
557 | "uuid": "69fc04d1-4591-11e9-9173-0800277f0571" | ||||
558 | }, | ||||
559 | { | ||||
560 | "code": "1221", | ||||
561 | "description": "Can data be exported?Also in a structured format (XLS, CSV, XML, etc.)?", | ||||
562 | "label": "User rights allow information to be exported", | ||||
563 | "language": "EN", | ||||
564 | "mode": 0, | ||||
565 | "uuid": "69fc061d-4591-11e9-9173-0800277f0571" | ||||
566 | }, | ||||
567 | { | ||||
568 | "code": "50", | ||||
569 | "description": "Are there logs?Are they sufficient in terms of the checks to be carried out?", | ||||
570 | "label": "No storage of activity tracks", | ||||
571 | "language": "EN", | ||||
572 | "mode": 0, | ||||
573 | "uuid": "69fc1924-4591-11e9-9173-0800277f0571" | ||||
574 | }, | ||||
575 | { | ||||
576 | "code": "1184", | ||||
577 | "description": "Is the method of communication encrypted?Could third parties access the method of communication?", | ||||
578 | "label": "Use of an unsecured method of communication", | ||||
579 | "language": "EN", | ||||
580 | "mode": 0, | ||||
581 | "uuid": "69fc0560-4591-11e9-9173-0800277f0571" | ||||
582 | } | ||||
583 | ] | ||||
584 | }, | ||||
585 | "children": [], | ||||
586 | "object": { | ||||
587 | "label": "Application", | ||||
588 | "language": "EN", | ||||
589 | "name": "Application", | ||||
590 | "scope": "local", | ||||
591 | "uuid": "cbfb813a-3e9c-415c-9ece-9c2bd7c781b7", | ||||
592 | "version": 0 | ||||
593 | }, | ||||
594 | "rolfRisks": [], | ||||
595 | "rolfTags": [] | ||||
596 | }, | ||||
597 | { | ||||
598 | "asset": { | ||||
599 | "amvs": [ | ||||
600 | { | ||||
601 | "asset": "fa281f62-931c-47dd-82b6-976e543a2168", | ||||
602 | "threat": "b402d5f5-4576-11e9-9173-0800277f0571", | ||||
603 | "uuid": "15715227-f575-462b-b467-236532cddbb6", | ||||
604 | "vulnerability": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
605 | } | ||||
606 | ], | ||||
607 | "asset": { | ||||
608 | "code": "OV_IOT_SENSORS", | ||||
609 | "description": "", | ||||
610 | "label": "IoT - Sensor", | ||||
611 | "language": "EN", | ||||
612 | "type": "Secondary", | ||||
613 | "uuid": "fa281f62-931c-47dd-82b6-976e543a2168", | ||||
614 | "version": 0 | ||||
615 | }, | ||||
616 | "measures": [], | ||||
617 | "threats": [ | ||||
618 | { | ||||
619 | "a": false, | ||||
620 | "c": false, | ||||
621 | "code": "MDA18", | ||||
622 | "description": "Receiving false data or unsuitable equipment from outside sources and using them in the organisation.", | ||||
623 | "i": true, | ||||
624 | "label": "Data from untrustworthy sources", | ||||
625 | "language": "EN", | ||||
626 | "theme": "Compromise of information", | ||||
627 | "uuid": "b402d5f5-4576-11e9-9173-0800277f0571" | ||||
628 | } | ||||
629 | ], | ||||
630 | "vuls": [ | ||||
631 | { | ||||
632 | "code": "1094", | ||||
633 | "description": "", | ||||
634 | "label": "The system allows information to be sent and received without authentication of the senders or recipients", | ||||
635 | "language": "EN", | ||||
636 | "mode": 0, | ||||
637 | "uuid": "69fc01e7-4591-11e9-9173-0800277f0571" | ||||
638 | } | ||||
639 | ] | ||||
640 | }, | ||||
641 | "children": [], | ||||
642 | "object": { | ||||
643 | "label": "Sensor", | ||||
644 | "language": "EN", | ||||
645 | "name": "Sensor", | ||||
646 | "scope": "local", | ||||
647 | "uuid": "e1473c38-42fc-4124-8b66-595ed18c1db2", | ||||
648 | "version": 0 | ||||
649 | }, | ||||
650 | "rolfRisks": [], | ||||
651 | "rolfTags": [] | ||||
652 | } | ||||
653 | ], | ||||
654 | "object": { | ||||
655 | "label": "IoT", | ||||
656 | "language": "EN", | ||||
657 | "name": "IoT", | ||||
658 | "scope": "local", | ||||
659 | "uuid": "0ceec4ea-73c0-4055-bcf1-819346ffdd0b", | ||||
660 | "version": 0 | ||||
661 | }, | ||||
662 | "rolfRisks": [], | ||||
663 | "rolfTags": [] | ||||
664 | } | ||||
665 | } |