Control IgnorePhysicalThreats
URI: IgnorePhysicalThreats
Package: Physical
Description: Indicates that physical threats from this location can be ignored. This can only be used at the global inferred location (the World) where hosts are assumed to be if no other location is specified or inferred. This control provides a means for SSM users to signal that physical attacks are out of scope for any host with no other location, i.e. that such hosts are assumed to be in an unspecified but secure location.
A singleton subclass of Public Space representing all unsecured physical locations that are not in any other Space. |
Indicates that threats from as well as to the space Space can be ignored, i.e. that the risk model intentionally does not consider physical attacks from Space. This is only permitted if Space is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure. |
|
Inconsistent controls to resolve treatment of hosts with no explicit location. Used only as a trigger for modelling error threats. |