Realign Safety decision points IEC 61508

data/json/decision_points/human_impact_2_0_1.json

@@ -0,0 +1,29 @@
+{
+  "namespace": "ssvc",
+  "version": "2.0.1",
+  "key": "HI",
+  "name": "Human Impact",
+  "description": "Human Impact is a combination of Safety and Mission impacts.",
+  "values": [
+    {
+      "key": "L",
+      "name": "Low",
+      "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)"
+    },
+    {
+      "key": "M",
+      "name": "Medium",
+      "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))"
+    },
+    {
+      "key": "H",
+      "name": "High",
+      "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)"
+    },
+    {
+      "key": "VH",
+      "name": "Very High",
+      "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure"
+    }
+  ]
+}

data/json/decision_points/mission_and_well-being_impact_1_0_0.json

@@ -8,17 +8,17 @@
     {
       "key": "L",
       "name": "Low",
-      "description": "Mission Prevalence Minimal and Public Well-Being Impact Minimal"
+      "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal"
     },
     {
       "key": "M",
       "name": "Medium",
-      "description": "Mission Prevalence Support and Public Well-Being Impact Minimal or Material"
+      "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)"
     },
     {
       "key": "H",
       "name": "High",
-      "description": "Mission Prevalence Essential or Public Well-Being Impact Irreversible"
+      "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)"
     }
   ]
 }

data/json/decision_points/public_safety_impact_2_0_1.json

@@ -0,0 +1,19 @@
+{
+  "namespace": "ssvc",
+  "version": "2.0.1",
+  "key": "PSI",
+  "name": "Public Safety Impact",
+  "description": "A coarse-grained representation of impact to public safety.",
+  "values": [
+    {
+      "key": "M",
+      "name": "Minimal",
+      "description": "Safety Impact:Negligible"
+    },
+    {
+      "key": "S",
+      "name": "Significant",
+      "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)"
+    }
+  ]
+}

data/json/decision_points/public_well-being_impact_1_0_0.json

@@ -13,12 +13,12 @@
     {
       "key": "M",
       "name": "Material",
-      "description": "(Any one or more of these conditions hold.) \n\n*Physical harm*: Does one or more of the following:\n\n- Causes physical distress or injury to system users.\n- Introduces occupational safety hazards.\n- Reduces and/or results in failure of cyber-physical system safety margins.\n\n*Environment*: Major externalities (property damage, environmental damage, etc.) are\nimposed on other parties. \n\n*Financial*: Financial losses likely lead to bankruptcy of multiple persons. \n \n*Psychological*: Widespread emotional or psychological harm, sufficient to necessitate\ncounseling or therapy, impact populations of people. \n"
+      "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. "
     },
     {
       "key": "I",
       "name": "Irreversible",
-      "description": "(Any one or more of these conditions hold.)\n \n*Physical harm*: One or both of the following are true:\n\n- Multiple fatalities are likely.\n- The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed.\n\n*Environment*: Extreme or serious externalities (immediate public health threat, environmental damage leading to small\necosystem collapse, etc.) are imposed on other parties.\n\n*Financial*: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially\ncollapse.\n\n*Psychological*: N/A \n"
+      "description": "Any one or more of these conditions hold. Physical harm*: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed.  Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small  ecosystem collapse, etc.) are imposed on other parties.  Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse.  Psychological: N/A "
     }
   ]
 }

data/json/decision_points/safety_impact_2_0_0.json

@@ -0,0 +1,29 @@
+{
+  "namespace": "ssvc",
+  "version": "2.0.0",
+  "key": "SI",
+  "name": "Safety Impact",
+  "description": "The safety impact of the vulnerability. (based on IEC 61508)",
+  "values": [
+    {
+      "key": "N",
+      "name": "Negligible",
+      "description": "Any one or more of these conditions hold. Physical harm: Minor injuries at worst (IEC 61508 Negligible). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons."
+    },
+    {
+      "key": "M",
+      "name": "Marginal",
+      "description": "Any one or more of these conditions hold. Physical harm: Major injuries to one or more persons (IEC 61508 Marginal). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people."
+    },
+    {
+      "key": "R",
+      "name": "Critical",
+      "description": "Any one or more of these conditions hold. Physical harm: Loss of life (IEC 61508 Critical). Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system\u2019s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A."
+    },
+    {
+      "key": "C",
+      "name": "Catastrophic",
+      "description": "Any one or more of these conditions hold. Physical harm: Multiple loss of life (IEC 61508 Catastrophic). Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A."
+    }
+  ]
+}

docs/_generated/decision_points/human_impact.md

@@ -1 +1 @@
-human_impact_2_0_0.md
+human_impact_2_0_1.md

docs/_generated/decision_points/human_impact_2_0_1.md

@@ -0,0 +1,19 @@
+<!-- This content is autogenerated by doctools.py. Do not Edit. -->
+!!! note "Human Impact v2.0.1"
+
+    === "Text" 
+
+        Human Impact is a combination of Safety and Mission impacts.
+
+        | Value | Definition |
+        |:-----|:-----------|
+        | Low | Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) |
+        | Medium | (Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) |
+        | High | (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) |
+        | Very High | Safety Impact:Catastrophic OR Mission Impact:Mission Failure |
+
+    === "JSON"
+
+        ```json
+        {% include "../../../data/json/decision_points/human_impact_2_0_1.json" %}
+        ```

docs/_generated/decision_points/mission_and_well-being_impact_1_0_0.md

@@ -7,9 +7,9 @@
 
         | Value | Definition |
         |:-----|:-----------|
-        | Low | Mission Prevalence Minimal and Public Well-Being Impact Minimal |
-        | Medium | Mission Prevalence Support and Public Well-Being Impact Minimal or Material |
-        | High | Mission Prevalence Essential or Public Well-Being Impact Irreversible |
+        | Low | Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal |
+        | Medium | Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material) |
+        | High | Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible) |
 
     === "JSON"
 

docs/_generated/decision_points/public_safety_impact.md

@@ -1 +1 @@
-public_safety_impact_2_0_0.md
+public_safety_impact_2_0_1.md

docs/_generated/decision_points/public_safety_impact_2_0_1.md

@@ -0,0 +1,17 @@
+<!-- This content is autogenerated by doctools.py. Do not Edit. -->
+!!! note "Public Safety Impact v2.0.1"
+
+    === "Text" 
+
+        A coarse-grained representation of impact to public safety.
+
+        | Value | Definition |
+        |:-----|:-----------|
+        | Minimal | Safety Impact:Negligible |
+        | Significant | Safety Impact:(Marginal OR Critical OR Catastrophic) |
+
+    === "JSON"
+
+        ```json
+        {% include "../../../data/json/decision_points/public_safety_impact_2_0_1.json" %}
+        ```

docs/_generated/decision_points/public_well-being_impact_1_0_0.md

@@ -8,37 +8,8 @@
         | Value | Definition |
         |:-----|:-----------|
         | Minimal | The effect is below the threshold for all aspects described in material.  |
-        | Material | (Any one or more of these conditions hold.) 
-
-*Physical harm*: Does one or more of the following:
-
-- Causes physical distress or injury to system users.
-- Introduces occupational safety hazards.
-- Reduces and/or results in failure of cyber-physical system safety margins.
-
-*Environment*: Major externalities (property damage, environmental damage, etc.) are
-imposed on other parties. 
-
-*Financial*: Financial losses likely lead to bankruptcy of multiple persons. 
-
-*Psychological*: Widespread emotional or psychological harm, sufficient to necessitate
-counseling or therapy, impact populations of people. 
- |
-        | Irreversible | (Any one or more of these conditions hold.)
-
-*Physical harm*: One or both of the following are true:
-
-- Multiple fatalities are likely.
-- The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed.
-
-*Environment*: Extreme or serious externalities (immediate public health threat, environmental damage leading to small
-ecosystem collapse, etc.) are imposed on other parties.
-
-*Financial*: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially
-collapse.
-
-*Psychological*: N/A 
- |
+        | Material | Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people.  |
+        | Irreversible | Any one or more of these conditions hold. Physical harm*: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed.  Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small  ecosystem collapse, etc.) are imposed on other parties.  Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse.  Psychological: N/A  |
 
     === "JSON"
 

docs/_generated/decision_points/safety_impact.md

@@ -1 +1 @@
-safety_impact_1_0_0.md
+safety_impact_2_0_0.md

docs/_generated/decision_points/safety_impact_2_0_0.md

@@ -0,0 +1,19 @@
+<!-- This content is autogenerated by doctools.py. Do not Edit. -->
+!!! note "Safety Impact v2.0.0"
+
+    === "Text" 
+
+        The safety impact of the vulnerability. (based on IEC 61508)
+
+        | Value | Definition |
+        |:-----|:-----------|
+        | Negligible | Any one or more of these conditions hold. Physical harm: Minor injuries at worst (IEC 61508 Negligible). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. |
+        | Marginal | Any one or more of these conditions hold. Physical harm: Major injuries to one or more persons (IEC 61508 Marginal). Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people. |
+        | Critical | Any one or more of these conditions hold. Physical harm: Loss of life (IEC 61508 Critical). Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A. |
+        | Catastrophic | Any one or more of these conditions hold. Physical harm: Multiple loss of life (IEC 61508 Catastrophic). Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A. |
+
+    === "JSON"
+
+        ```json
+        {% include "../../../data/json/decision_points/safety_impact_2_0_0.json" %}
+        ```

docs/reference/decision_points/human_impact.md

@@ -38,3 +38,8 @@ For considerations on how organizations might communicate SSVC information to th
 see [Guidance on Communicating Results](../../../howto/communicating_results.md).
 
 
+## Prior Versions
+
+{% include-markdown "../../_generated/decision_points/human_impact_2_0_0.md" %}
+
+{% include-markdown "../../_generated/decision_points/mission_and_well-being_impact_1_0_0.md" %}

docs/reference/decision_points/public_safety_impact.md

@@ -15,3 +15,8 @@ Therefore we simplify the above into a binary categorization:
   [Safety Impact](../safety_impact.md) table.
 - _Minimal_ is when none do.
 
+## Prior Versions
+
+{% include-markdown "../../_generated/decision_points/public_safety_impact_2_0_0.md" %}
+
+{% include-markdown "../../_generated/decision_points/public_well-being_impact_1_0_0.md" %}

docs/reference/decision_points/safety_impact.md

@@ -211,3 +211,8 @@ resiliency</td>
 Deployers are anticipated to have a more fine-grained perspective on the safety impacts broadly defined in [Safety Impact](#table-safety-impact).
 We defer this topic for now because we combine it with [*Mission Impact*](#mission-impact) to simplify implementation for deployers.
 
+
+## Prior Versions
+
+{% include-markdown "../../_generated/decision_points/safety_impact_1_0_0.md" %}
+