1.1. Identify and define specific assurance levels
1.2. Establish specific criteria
1.3. Identify a set of known relevant threats
1.4. Determine which assurance level each threat relates to
1.5. Identify common mitigations for the threats
1.6. Work with suppliers and stakeholders
2. Detect and mitigate threats
3. Understand and respond to attacks
4. Use the assurance process
5. Conclusion
Appendix A: Standardized terminology
Appendix B: LoA1 mitigation overview
Main keywords