Loading EN-304-621.md +25 −0 Original line number Diff line number Diff line Loading @@ -631,6 +631,31 @@ DDoS mitigations: 1. References to to documentation sections. ### 6.1.0.3 REQ-GEN-3 **Objective:** Product dependencies to external services and systems are documented and understood.<br/> **Preparation:** 1. Have the product initialised and available with the default configuration and required credentials. **Activities:** 1. Study the technical documentation. 2. Cross-reference the documentation to the system operation. 3. Monitor the network traffic and capture all targets the systems is trying to initiate a connection with. **Verdict:** 1. Pass if product dependencies or external systems are named and their purpose and provisions are described 2. and the services or external systems are clearly expressed as part of the architecture description 3. and the monitored network traffic targets matches the documentation. 4. Fail otherwise. **Supporting Evidence:** 1. References to the documentation sections. 2. Listing of discovered targets and an explanation of those targets. ### 6.1.1 No known exploited vulnerabilities tests #### 6.1.1.0 REQ-EXPLOIT-0 Loading Loading
EN-304-621.md +25 −0 Original line number Diff line number Diff line Loading @@ -631,6 +631,31 @@ DDoS mitigations: 1. References to to documentation sections. ### 6.1.0.3 REQ-GEN-3 **Objective:** Product dependencies to external services and systems are documented and understood.<br/> **Preparation:** 1. Have the product initialised and available with the default configuration and required credentials. **Activities:** 1. Study the technical documentation. 2. Cross-reference the documentation to the system operation. 3. Monitor the network traffic and capture all targets the systems is trying to initiate a connection with. **Verdict:** 1. Pass if product dependencies or external systems are named and their purpose and provisions are described 2. and the services or external systems are clearly expressed as part of the architecture description 3. and the monitored network traffic targets matches the documentation. 4. Fail otherwise. **Supporting Evidence:** 1. References to the documentation sections. 2. Listing of discovered targets and an explanation of those targets. ### 6.1.1 No known exploited vulnerabilities tests #### 6.1.1.0 REQ-EXPLOIT-0 Loading