> List technical security requirements for the product. Each requirement should be objectively verifiable on an instance of a product. Each should include an implementable method of verifying the requirement is met. Each should include a way to determine if the requirement is applicable to the product. Ideally each will include at least one concrete example of an implementation that satisfies the requirement and a test that verifies it. If the requirement allows the manufacturer to specify their own solution to the technical requirement, the requirement should include a specific way to measure the effectiveness of the risk mitigation and set a minimum level.
-**[REQ-UPDATES-1]** Verify integrity of the upddate before installation (hash checks).
-**[REQ-UPDATES-2]** Use secure channels for update delivery (e.g., TLS).
### 5.3.x Logging
### 5.3.5 Logging
<mark>AMS: Luka and Bruno are working on this. Skip for now.</mark>
@@ -712,7 +724,7 @@ Manfacturer shall implement logging system features listed in the table below.
| [REQ-LOG-3] | Not required | Required |
| [REQ-LOG-4] | Not required | Required |
### 5.3.x Monitoring
### 5.3.6 Monitoring
Reasoning for monitoring requirements is often justified by data integrity protection. Faults can not be detected, if an attacker can hide it's existense.
@@ -778,16 +790,22 @@ Manfacturer shall implement monitoring system features as listed in the table be
Matching tests for these requirements are listed in [6.3.x Monitoring tests](#63x-monitoring-tests).
### 5.3.x High Availability
### 5.3.7 Data minimization
-**[REQ-MON-2]** Metrics name, purpose, and value interpretation are described for the user.
-**[REQ-MON-3]** Metrics cadence, accuracy and storage time are described for the user.
-**[REQ-MON-4]** System does not collect metrics that are not directly used in operative purposes.
### 5.3.8 High Availability
High availability starts from the running process.
In a modern cluster runtime environment used in large system deployments, the process rarely can control the loss of underlying resources.
Administrative actions can shutdown the node without preseeding announcement unexpectedly.
It is up to the software design to tolerate these interruptions.
Modern design is often distributed, but depending on the implementation and runtime context, a singular process can also provide the targetted service availability if implemented correctly.
Modern design is often distributed, but depending on the implementation and runtime context, a singular process can also provide the targetted service availability if implemented correctly and self healing system can launch a replacement within the given time window.
The high availability d
The high availability requirements are:
-**[REQ-HA-0]** Expected availability is defined for each relevant system component.
-**[REQ-HA-1]** System tolerates loss of resources.
@@ -970,7 +988,6 @@ The high availability d
1. References to to documentation sections.
#### 6.1.1.7 REQ-EXPLOIT-7
**Objective**: Operating system dependencies and application dependencies are clearly separated in the provided SBOM.<br/>
@@ -1009,7 +1026,6 @@ The high availability d
1. References to to documentation sections.
## 6.2 Technical security requirement tests and assesments
### 6.2.5 REQ-TECH-5
@@ -1405,26 +1421,44 @@ The high availability d
> Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.
[5.3.3 Mitigations for managed device configuration integrity and confidentiality]:#533-mitigations-for-managed-device-configuration-integrity-and-confidentiality
