Commit ceba1df7 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Added confidentiality check to the integrity protection assessment

Closes #128, #129 HAS68 and HAS67
parent d6f562ce
Loading
Loading
Loading
Loading
+7 −4
Original line number Diff line number Diff line
@@ -802,17 +802,20 @@ Verify that:

1. Study the technical documentation.
2. Identify the structures where administrative, PII or otherwise privileged information is transferred.
3. Study the implementation from the product and from the technical documentation.
3. Study the deployment guidance.
4. Study the implementation from the product and from the technical documentation.

**Verdict:**

1. Pass, if the flow of privileged information is identifiable from the documentation,
2. and testing the implementation of interfaces matches the documentation.
3. Fail otherwise.
2. and testing the implementation of interfaces matches the documentation
3. and the interfaces transfering confidential data are protected with encryption.
4. Fail otherwise.

**Supporting Evidence:**

1. Listing of tested interfaces and the protocol replies that show what encryption is used.
1. Listing of tested interfaces and the protocol replies that show that encryption is used.
2. Listing of interfaces showing authentication is used.


### 6.2.0.3 REQ-TECH-3