Commit 9df6cc98 authored by August Bournique's avatar August Bournique
Browse files

Added "Complexity" Risk factor to list of risk factors used to set risk level.... 

Added "Complexity" Risk factor to list of risk factors used to set risk level.  Fixing typo as agreed in rapporteur discussion of 27-05-2026.

Resolves HAS 38 #99 and OC5_230 #305
parent d8b1baa6

EN-304-621.md

+1 −1
Original line number Diff line number Diff line
@@ -713,7 +713,7 @@ This section contains technical cybersecurity requirements for the product. Each 
Each requirement has at least one concrete example that satisfies the requirements of the CRA.

Later [Section 5.3 Risk Mitigations](#53-risk-mitigations) combines these general requirements to [Section 4.5 Risk Factors](#45-risk-factors). The Risk Mitigations can include additional topic specific requirements.



When evaluating the applicability of these requirements, the highest of following risk factors define the category to follow: [SRU], [Segment], [NIS2]

When evaluating the applicability of these requirements, the highest of following risk factors define the category to follow: [SRU], [Complexity], [Segment], [NIS2]



For low risk:

- **[REQ-TECH-0]** The product shall be shipped without undocumented interfaces.