Commit e36c2922 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Added modified REQ-GEN-3 assessment from Uli

Closes #399
parent 44b1886a
Loading
Loading
Loading
Loading
+25 −0
Original line number Diff line number Diff line
@@ -631,6 +631,31 @@ DDoS mitigations:

1. References to to documentation sections.

### 6.1.0.3 REQ-GEN-3

**Objective:** Product dependencies to external services and systems are documented and understood.<br/>
**Preparation:**

1.  Have the product initialised and available with the default configuration and required credentials.

**Activities:**

1. Study the technical documentation.
2. Cross-reference the documentation to the system operation.
3. Monitor the network traffic and capture all targets the systems is trying to initiate a connection with.

**Verdict:**

1. Pass if product dependencies or external systems are named and their purpose and provisions are described
2. and the services or external systems are clearly expressed as part of the architecture description
3. and the monitored network traffic targets matches the documentation.
4. Fail otherwise.

**Supporting Evidence:**

1. References to the documentation sections.
2. Listing of discovered targets and an explanation of those targets.

### 6.1.1 No known exploited vulnerabilities tests

#### 6.1.1.0 REQ-EXPLOIT-0