Unverified Commit 872231f3 authored by Aki Braun's avatar Aki Braun
Browse files

HAS 126; Remove Annex D.3

Resolves #363
parent 0a32a753
Loading
Loading
Loading
Loading
+0 −4
Original line number Diff line number Diff line
@@ -1201,10 +1201,6 @@ This clause describes the methodology followed in the current text.
| USED   | AUTH, CDST, SCDL, SDRF                                      |
| CPER   | AUTH, DMIN, CRYPT, AUTH, ROUT, DNSL, CDST, SCDL, SDRF, LOGG |

## D.3 Risk acceptance criteria

If the Likelihood and Impact of a risk are already Low or have been reduced to Low by application of mitigations, then the risk is acceptable. Alternatively, the risk may be transferred to the user or the operational environment, given proper justification.

## D.4 Risks not treated by the requirements

For each risk untreated by the product itself, a corresponding mitigation has been created to explicitly permit the risk to be transferred to the user or operational environment. These are: