Granularity of the requirements
Some of the requirements are described in a way that leaves room for interpretation and arbitrary choices. The draft standard uses words like “appropriate”, “feasible”, and “sufficient”, which makes it difficult to assess the effectiveness of the implemented cybersecurity requirements. The standard should aim to define requirements with clear implementation criteria, so that manufacturers can implement what is appropriate, feasible, or sufficient.