risk_config.yaml
# Risk catalogue: each list entry ties one risk to the workloads it applies
# to and to the checkpoints recorded for it.
# The "risks:" key below is commented out, so the document root is the list
# itself rather than a mapping.
# Every checkpoint is a two-item list of single-key mappings (description,
# then status), not one mapping; a consumer has to index into the list.
# NOTE(review): every status is false; presumably that is the "not yet
# verified" starting value that a scanner overwrites - confirm with the
# consumer of this file.
# risks:
- risk_id: "T-O-RAN-01"
  workload:
    - "CU"
    - "DU"
  risk_description: "Unauthenticated/unauthorized access of the O_RAN component leads to compromised performance and/or function/service, lateral attack towards other O-RAN system component(s) from inside, and loss/stolen/tampering of sensitive data"
  severity: "High"
  checkpoints:
    # NOTE(review): the risk is unauthenticated/unauthorized access; TLS being
    # enabled does not by itself show that peers are authenticated (for
    # example mutual TLS). Confirm what CHK_TLS actually verifies.
    CHK_TLS:
      - description: "Is TLS Enabled?"
      - status: false
    CHK_POLP_INGRESS:
      - description: "Network Policies for Ingress connections?"
      - status: false
    CHK_SENSITIVE_ASSETS:
      - description: "Are Least Permissive Policies enforced for Sensitive Assets?"
      - status: false
# Same risk text and checkpoints as T-O-RAN-01, applied to RIC applications.
# NOTE(review): rApps are normally hosted on the Non-RT RIC, while this
# risk_id is labelled NEAR RT RIC - confirm the label or the workload list.
- risk_id: "T-O-RAN-01(NEAR RT RIC)"
  workload:
    - "xApps"
    - "rApps"
  risk_description: "Unauthenticated/unauthorized access of the O_RAN component leads to compromised performance and/or function/service, lateral attack towards other O-RAN system component(s) from inside, and loss/stolen/tampering of sensitive data"
  severity: "High"
  checkpoints:
    CHK_TLS:
      - description: "Is TLS Enabled?"
      - status: false
    CHK_POLP_INGRESS:
      - description: "Network Policies for Ingress connections?"
      - status: false
    CHK_SENSITIVE_ASSETS:
      - description: "Are Least Permissive Policies enforced for Sensitive Assets?"
      - status: false
# risk_description here states the expected policy (an allow-list of callers
# for UDR ingress) rather than describing a risk.
- risk_id: "3GPP-5GCore (Section 4.2.5)"
  workload:
    - "UDR"
  risk_description: "Only UDM, PCF, and NEF can connect to Ingress on UDR"
  severity: "High"
  checkpoints:
    CHK_TLS:
      - description: "Is TLS Enabled?"
      - status: false
    # NOTE(review): the question only asks whether ingress policies exist;
    # whether the check also verifies that the allowed peers are exactly
    # UDM, PCF and NEF is not visible here - confirm.
    CHK_POLP_INGRESS:
      - description: "Network Policies for Ingress connections?"
      - status: false
    CHK_SENSITIVE_ASSETS:
      - description: "Are Least Permissive Policies enforced for Sensitive Assets?"
      - status: false
- risk_id: "3GPP 33.501"
  workload:
    - "NRF"
  risk_description: "No Egress connections should be allowed from NRF at runtime."
  severity: "High"
  checkpoints:
    CHK_TLS:
      - description: "Is TLS Enabled?"
      - status: false
    # NOTE(review): the risk above is about egress from NRF, yet this
    # checkpoint asks about ingress policies. The SMF entry uses
    # CHK_POLP_EGRESS for its egress rule; confirm whether NRF should too,
    # otherwise an ingress policy could mark an egress risk as covered.
    CHK_POLP_INGRESS:
      - description: "Network Policies for Ingress connections?"
      - status: false
    CHK_SENSITIVE_ASSETS:
      - description: "Are Least Permissive Policies enforced for Sensitive Assets?"
      - status: false
# The only entry in this file that carries an egress checkpoint.
- risk_id: "MITRE-5GCORE"
  workload:
    - "SMF"
  risk_description: "There should be only one EGRESS connection i.e to UPF from SMF"
  severity: "High"
  checkpoints:
    CHK_TLS:
      - description: "Is TLS Enabled?"
      - status: false
    # NOTE(review): the question only asks whether egress policies exist;
    # whether the check verifies that UPF is the single allowed destination
    # is not visible here - confirm.
    CHK_POLP_EGRESS:
      - description: "Network Policies for Egress connections?"
      - status: false
    CHK_SENSITIVE_ASSETS:
      - description: "Are Least Permissive Policies enforced for Sensitive Assets?"
      - status: false