| 12.1 | Compromise of over the air software update procedures. This includes fabricating the system update program or firmware | M16 | Secure software update procedures shall be employed |
| 12.2 | Compromise of local/physical software update procedures. This includes fabricating the system update program or firmware |
| 12.3 | The software is manipulated before the update process (and is therefore corrupted), although the update process is intact |
| 12.4 | Compromise of cryptographic keys of the software provider to allow invalid update | M11 | Security controls shall be implemented for storing cryptographic keys |
| 13.1 | Denial of Service attack against update server or network to prevent rollout of critical software updates and/or unlock of customer specific features | M3 | Security Controls shall be applied to back-end systems. Where back-end servers are critical to the provision of services there are recovery measures in case of system outage. Example Security Controls can be found in OWASP |