@@ -1177,6 +1177,8 @@ The log messages shall not include any confidential information such as Personal
> NOTE: One type of event for which log messages must take care to not accidentally include a secret is failed password authentication attempts. Since users often type their password into the username field, including the username field in the log message may result in including a secret in the log message.
> NOTE: According to the Risk Mitigation Sets in Clause 5.3, this mitigation (MI-LOGG-2) is optional and dependent on the product's intended use case and corresponding security profile; becoming a mandatory mitigation only for specific use cases defined by higher-risk or enterprise profiles where centralized log management is a standard security expectation.
#### 5.2.15.4 MI LOGG 3: No-Logs Policy and Traffic Anonymization (### 5.13.N LOG)
***\[REQ-LOG-jg2hq]** The remote data processing solutions of the VPN manufacturer shall technically enforce a strict "no-logs" policy.