Commit b6b313db authored by Santeri Toikka

Minor editorial changes

parent 9b6c93d6
+5 −2
@@ -250,8 +250,11 @@ As the product is delivered without known exploitable vulnerabilities, those leg
          6. the cryptographic mechanism is required for a specific set of product functions;
          7. <mark>[any additional criteria specified by the vertical standard, where applicable]</mark>.
    3. Interoperability-based: the cryptographic mechanism is listed in clause K.4.2 as an interoperability-based cryptographic mechanism for specific product function(s) and external specification(s) or external requirement(s).
* **[REQ-CRYPTO-3]** To prevent rollback or downgrade, the product shall enforce a monotonic policy/configuration version (or equivalent mechanism), record changes in tamper-evident audit logs, and prevent re-enabling deprecated algorithms or disabled security checks via rollback without an explicit, logged administrative override.
* **[REQ-CRYPTO-4]** Cryptographic mechanisms not covered by **[REQ-CRYPTO-1]** shall be disabled by default.
* **[REQ-CRYPTO-3]** Cryptographic mechanisms not covered by **[REQ-CRYPTO-1]** shall be disabled by default.
* **[REQ-CRYPTO-4]** To prevent rollback or downgrade:
  * the product shall enforce a monotonic policy/configuration version (or equivalent mechanism);
  * the product shall record changes in tamper-evident audit logs;
  * the product shall prevent re-enabling deprecated algorithms or disabled security checks via rollback without an explicit logged administrative override.
* **[REQ-CRYPTO-5]** For backward compatibility:
  * the product shall inform the user about the security implications when not using the default configuration;
  * the product shall inform the user the component requiring the weaker mechanism;
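Review bot: [REQ-CRYPTO-3] and [REQ-CRYPTO-4] swap meanings in this hunk: the rollback/downgrade requirement moves from 3 to 4 and the disabled-by-default requirement moves from 4 to 3, which goes beyond the "Minor editorial changes" named in the commit message. Any reference to either identifier elsewhere in the document, or in test cases and vertical standards that cite it, would now point at a different requirement, so either update those references in the same commit or keep the original numbering and only split the rollback text into sub-bullets. Splitting the sentence also ties "(or equivalent mechanism)" to the monotonic version bullet alone; confirm that narrower scope is intended. Two smaller points: the comma in "explicit, logged administrative override" was dropped in the new third sub-bullet, and the context line "inform the user the component requiring the weaker mechanism" under [REQ-CRYPTO-5] appears to be missing "about".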