Edited 6.1.1 .0 references to main product vulnerabilities in the OS to be... (9e4f94cf) · Commits · STAN4CRA / EN 304 621 Network Management Systems

EN-304-621.md

+1 −1

Original line number	Diff line number	Diff line
		@@ -983,7 +983,7 @@ There are three different types of assessments used in this document.
		Requirement a: The product shall have no vulnerabilities discovered by scans.<br/>
		Requirement b: The product shall have only discoverable vulnerabilities whose age is consistent with the manufacturer's documentation of how long vulnerabilities may go unfixed after public disclosure.<br/>
		Requirement c: For each detected vulnerability, the product shall have publicly available documentation explaining how the risk has been mitigated.<br/>
		Objective: Disclosure of new vulnerabilities in the operating system and its dependencies are proactively monitored.<br/>
		Objective: Disclosure of new vulnerabilities in the network management system and its dependencies are proactively monitored.<br/>
		Preparation:

		1. Select up to three vulnerability scanners meeting the requirements

Original line number	Diff line number	Diff line
		@@ -983,7 +983,7 @@ There are three different types of assessments used in this document.
		Requirement a: The product shall have no vulnerabilities discovered by scans.<br/>
		Requirement b: The product shall have only discoverable vulnerabilities whose age is consistent with the manufacturer's documentation of how long vulnerabilities may go unfixed after public disclosure.<br/>
		Requirement c: For each detected vulnerability, the product shall have publicly available documentation explaining how the risk has been mitigated.<br/>
		Objective: Disclosure of new vulnerabilities in the operating system and its dependencies are proactively monitored.<br/>
		Objective: Disclosure of new vulnerabilities in the network management system and its dependencies are proactively monitored.<br/>
		Preparation:

		1. Select up to three vulnerability scanners meeting the requirements