<mark>REQ-HA-3 needs documentation trick for: "made available in the technical documentation"</mark>
<mark>How to include protections against DDoS or similar?</mark>
For high risk:
***[REQ-HA-4]** The prodct shall implement coordinated brute‑force and overload protection mechanisms that not only detect excessive authentication attempts or inbound traffic surges but also enforce active mitigation actions including, but not limited to connection throttling, temporary IP blocking, message buffering, QoS parameterisation.