Unverified Commit 9b8c7a27 authored by Aki Braun's avatar Aki Braun
Browse files

Whitespace, mostly

- Reformatted tables
- Removed superfulous bold from table headers
- Deleted some editors notes no longer needed
- Renumbered some clauses
- Added "req numbering is weird" note, but maybe just need to decide a better numbering solution
parent 0dc3b0c0
Loading
Loading
Loading
Loading
+266 −268

File changed.

Preview size limit exceeded, changes collapsed.

+105 −109

File changed.

Preview size limit exceeded, changes collapsed.

+0 −4
Original line number Diff line number Diff line
@@ -28,8 +28,6 @@ This clause provides objective and reproducible assessment criteria to determine

For each cybersecurity requirements defined in [clause 5](#5-technical-requirements-for-the-products), the following clauses specify assessment criteria to determine if the technical requirement is met.

<mark>Editor's note: Please ensure that there is an easy, clear and unambiguous mapping of the requirements in [clause 5](#5-technical-requirements-for-the-products) to the relevant assessment criteria in clause 6.</mark>

The assessment criteria for each security requirements are described in a structured manner, as follows:

- **Assessment reference:** Refers to the identifier of the concerned technical requirement.
@@ -45,8 +43,6 @@ The assessment criteria for each security requirements are described in a struct

<mark>Editor's Note: Precisely reference individual tools or include an unambiguous characterization by way of tool capabilities to ensure consistent tool application. For instance, "state-of-the-art vulnerability scanner" shall instead be replaced with "vulnerability scanner that covers all CVEs, supports credentialed and non-credentialed scans, ..."</mark>

<mark>Editor's Note: The standard shall not discourage the use of paid security products to comply with requirements by mandating specific free tools where other options are equally suitable. In such cases, the free tools can be listed informatively, but the general capabilities required of the tool should be listed normatively.</mark>

  - Required information/documentation for the assessment: Specify all information that is necessary to perform the assessment.
  - Reference any vendor-provided setup guides, configuration instructions, or operational manuals, as well as any relevant standards or technical notes, that define how the product shall be configured or operated for the assessment.

+27 −27

File changed.

Preview size limit exceeded, changes collapsed.

+16 −16

File changed.

Preview size limit exceeded, changes collapsed.