Clarification on SSM-1 DN-1 → DN-2 Flow (YES/NO Interpretation) #23
Replies: 1 comment
-
|
Hello @Roger2625 , Thank you for your questions. Sorry for the delay. Question 1: Question 2: Question 3:
I hope this helps. Guillaume |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Asset under assessment:
Network asset– LAN Configuration (Network asset, Sensitive network function configuration)
Current scenario:
LAN configuration is persistently stored on the device
It is only accessible and modifiable by the root user
Unprivileged users cannot read or modify the configuration
Decision Tree Questions (SSM-1)
DT.SSM-1.DN-1 asks:
In this scenario, logical protection exists via privilege separation (root-only access).
Question 1:
➡️Network asset Should DT.SSM-1.DN-1 therefore be evaluated as YES?
DT.SSM-1.DN-2 asks:
Given that LAN configuration is Sensitive (not Confidential) and integrity is protected by access control:
Question 2:
➡️ If DN-1 = YES, should the assessment proceed to DT.SSM-1.DN-2, and can DN-2 be evaluated as YES, resulting in SSM-1 = PASS?
YES / NO confusion clarification
In DT.SSM , the visual layout appears to suggest that a YES outcome at DN-1 leads directly to Not Applicable, while NO proceeds to DN-2. However, semantically:
A NO at DN-1 (no protection at all) would make SSM-1 Not Applicable
A YES at DN-1 logically requires further evaluation at DN-2
Question 3:
➡️ Can you confirm that DN-1 = YES → DN-2, and DN-1 = NO → Not Applicable, and that the diagram should be interpreted semantically rather than by arrow placement?
My question is ??
For a LAN configuration stored persistently and accessible only to root, does DN-1 evaluate to YES (thus proceeding to DN-2), or should this be considered Not Applicable under SSM-1?
Beta Was this translation helpful? Give feedback.
All reactions