| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 1 Scope 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | 4 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 5 Security considerations throughout the product life cycle 5.1 Security considerations throughout the product life cycle overview <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 5.2 Information and communication technology threat model 5.3 Classes of threats 5.4 Structure of the report <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 6 Phase 1: Concept 6.1 General 6.2 Summary of concept threats and controls 6.2.1 Workflow toolchain tampering <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 6.2.2 Unauthorized operations 6.2.3 Integrity faults 6.2.4 Theft or loss 7 Phase 2: Development 7.1 General 7.2 Summary of development threats and controls 7.2.1 Attacks on development tools and\/or network 7.2.2 Malicious embedded firmware <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 7.2.3 Malicious hardware 7.2.4 Malicious software (driver) 7.2.5 Counterfeit <\/td>\n<\/tr>\n | ||||||
| 17<\/td>\n | 8 Phase 3: Source and manufacture 8.1 General 8.2 Source 8.3 Manufacture 8.4 Summary of production threats and controls 8.4.1 Attack on production tools, data exchange tools and\/or network 8.4.2 Unauthorized disclosure <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 8.4.3 Reverse engineering \/ theft of design 8.4.4 Improper system settings 8.4.5 Design alteration 8.4.6 Insertion of malicious and\/or counterfeit components <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 8.4.7 Falsification of test results 8.4.8 Product theft 8.4.9 Code insertion or replacement (firmware, operating system, software) 8.4.10 System replacement (spoof device) <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 9 Phase 4: Transport 9.1 General 9.2 Summary of production threats and controls 9.2.1 Product theft 9.2.2 Code insertion or replacement (firmware, operating system, software) 9.2.3 Insertion of malicious components 9.2.4 System replacement (spoof device) 9.2.5 Physical attack in storage and transit 10 Phase 5: Utilization and support 10.1 General <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 10.2 Provision 10.3 Utilization 10.4 Support 10.5 Summary of utilization threats and controls 10.5.1 Unknown provenance 10.5.2 Spoofed system (replaced system) <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 10.5.3 Undetected tampering 10.5.4 \u200bBuild data store tampering 10.5.5 Non-current device\/product (firmware, operation system, application, drivers) 10.5.6 Unauthorized changes (firmware, operating system, software) 10.5.7 Unauthorized component swap <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 10.5.8 Insertion or replacement with malicious component 10.5.9 Product data store tampering 11 Phase 6: Retirement 11.1 General 11.2 Summary of retirement threats and controls 11.2.1 Inaccurate hardware return <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 11.2.2 Incomplete data removal <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | Annex A (informative) Product security threat mapping to SCLC phases <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | Annex B (informative) Typical threats for hardware <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | Annex C (informative) Typical threats for software <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | Annex D (informative) Typical threats for data <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | Annex E (informative) Use of tagalongs <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | Annex F (informative) Software tampering <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Cybersecurity. Security considerations throughout the product life cycle<\/b><\/p>\n |