IEEE Std 11073-40101-2020 pdf download – Health informatics—Device interoperability Part 40101:  Foundational—Cybersecurity— Processes for vulnerability assessment.
6.2 Data flow diagram One approach to system decomposition is the creation of a data flow diagram (DFD). DFDs are typically used to graphically represent a system, but different representation may also be used [such as a UML diagram (Unified Modeling Language) or an SysML diagram (System Modeling Language)]. In any case, the same basic method is applied: decompose the system into parts and determine the kinds of attack to which the parts may be vulnerable, with related risk and harm. DFDs consist of five elements: ¾ Data flows represent data in motion over system interfaces. ¾ Data stores represent data at rest within the system. ¾ Processes create, read, update, or delete data and are typically applications run within the system. ¾ Interactors are the end points of the system (e.g., end-user) and generally are providers and consumers that are outside the scope of the system. ¾ Trust boundaries represent the borders between trusted and untrusted elements of the DFD. See Figure 3 (in 8.3.3) for an example of a DFD. 6.3 STRIDE classification scheme STRIDE is a classification scheme for characterizing identified threats during the development process according to the kinds of exploits that are used by the attacker. The STRIDE acronym is formed from the first letter of each of the following threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
7.3 eCVSS The original version of CVSS was designed to address software-only systems and create scores after the software systems were in the field. It was designed to allow for the use of the base metrics along with additions or adjustments. In the effort to develop this standard, changes to CVSS were needed to support physical PHDs/PoCDs and create scores during design to guide the development of systems. As a result, the embedded Common Vulnerability Scoring System (eCVSS) was created as a slightly modified branch of CVSS 2.0 (FIRST [B2]). This creation is not an effort of the Forum of Incident Response and Security Teams (FIRST), but is instead proposed by the working group that developed this standard. The eCVSS modifications to CVSS are as follows: ¾ The Temporal Group was effectively removed by forcing the three metrics to a neutral value because the scoring in eCVSS is conducted during design. ¾ The three “Requirement” metrics in the Environmental Metric Group (i.e., Confidential, Integrity, Availability) were recognized to be system wide. These metrics are set only once for the system and then applied to all the identified vulnerabilities. ¾ The Target Distribution metric was removed as it refers to distribution of the system, and the scoring in eCVSS is conducted during design. Instead, a new Awareness metric in the Environmental Metric Group has replaced the Target Distribution metric. A complete description of eCVSS along with scoring equations is provided in Annex C.