Commit f41601cc authored by Santeri Toikka

Updated into in SBOM

Closes #320
parent b6b313db
+0 −7
@@ -277,13 +277,6 @@ As the product is delivered without known exploitable vulnerabilities, those leg

### 5.2.5 Software Bill of Materials

These requirements are generally binding, and there is no low-medium-high tiering available.

- **[REQ-SBOM-0]:** Operating system dependencies and application dependencies shall be clearly separated in the provided SBOM.
- **[REQ-SBOM-1a]:** Unique, unambiguous, and machine-readable identification of all components and dependencies shall be provided in the SBOM.
- **[REQ-SBOM-1b]:** The SBOM identifier format shall be consistent with common vulnerability handling standards.
- **[REQ-SBOM-2]:** The SBOM shall be consistent with [5.3.4 Secure updates] practices.

### 5.2.6 Identity and access management

Authorization is the final step that assigns execution and access rights to resources to a user.
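
Review bot: Going by the +0 −7 count, the heading "### 5.2.5 Software Bill of Materials" is left with an empty body and is followed directly by "### 5.2.6 Identity and access management". Either remove the heading as well (and check any cross-references to 5.2.5), or keep it with a one-line pointer to the section that now lists the removed SBOM requirements, so the empty section is not read as an omission. The dropped [REQ-SBOM-2] linked to [5.3.4 Secure updates]; it is worth confirming that 5.3.4 does not still rely on an SBOM requirement that no longer exists in the normative text.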
+1 −1
@@ -2737,7 +2737,7 @@ Early versions of this document had a section about SBOM requirements.

Removed requirements:

These requirements are generally binding, and there is no low-medium-high tiering available.
The requirements in 5.2.5 apply to all NMS products and are not subject to low-, medium-, or high-tier differentiation, because the SBOM is a baseline transparency and dependency-management artifact needed to support vulnerability handling, update management, and product assessment across all deployment contexts.

- **[REQ-SBOM-0]:** Operating system dependencies and application dependencies shall be clearly separated in the provided SBOM.
- **[REQ-SBOM-1a]:** Unique, unambiguous, and machine-readable identification of all components and dependencies shall be provided in the SBOM.
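
Review bot: The replacement sentence sits under "Removed requirements:" but says in the present tense that "The requirements in 5.2.5 apply to all NMS products", which reads as if they were still binding and points to a section whose requirement list this same commit deletes. Suggest wording it as history, for example "The former 5.2.5 requirements applied to all NMS products and were not tiered", and stating explicitly whether the listed REQ-SBOM items remain normative or are kept for reference only. The rationale clause is also long enough to deserve its own sentence.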