Clean up TODOs (bea93e4b) · Commits · STAN4CRA / EN 304 620 Virtual Private Networks Part 1

EN-304-620-1.md

+2 −2

Original line number	Diff line number	Diff line
		@@ -746,9 +746,9 @@ Requirements: AUTH, DMIN

		Mitigations for Likelihood:

		* Medium to Low: TODO-HAS: add risk transfer to environment
		* Medium to Low: TODO: add risk transfer to environment

		* High to Low: TODO-HAS: add risk transfer to environment
		* High to Low: TODO: add risk transfer to environment

		Mitigations for Impact:

+0 −24

Original line number	Diff line number	Diff line
		@@ -32,8 +32,6 @@ This section is a list of technical requirements necessary to satisfy the CRA es

		NOT ALL MITIGATIONS ARE NECESSARY FOR ALL USE CASES. See Section 5.3 for the mappings of security profiles to mitigations and Annex C for additional information.

		> TODO-HAS: Clause C.6 needs to be moved to 5.3.

		### 5.2.2 TR-NKEV: No known exploitable vulnerabilities at first use

		#### 5.2.2.1 Requirement
		@@ -1110,28 +1108,6 @@ The product shall protect data stored on the product from unauthorized access.

		Guidance: Data may be protected by the environment, permissions, encryption, salting and hashing, offline storage, or hardware-backed secrets.

		> TODO-HAS: delete below template before sending

		> Copy-n-paste mitigation format

		### 5.2.X TR-XXXX:

		#### 5.2.X.1 Requirement

		_Description of high-level requirement in "shall" format_.

		#### 5.2.X.x MI-XXXX:

		_Description of mitigation in "shall" format_.

		* Applicability: (optional, for requirements that depend on a feature)
		* Reference: TR-
		* Objective:
		* Preparation:
		* Activities:
		* Verdict:
		* Evidence:

		## 5.3 Risk mitigation sets

		### 5.3.1 General