Commit 414c5fe3 authored by Valerie Aurora

Update secure deletion requirement to sync with OS

parent 14facb64
+46 −16
@@ -1173,43 +1173,73 @@ The product shall reset to its secure-by-default state after the secure deletion

| Risk factors | Requires mitigations |
|--------------|----------------------|
| any          | RSET or INST or DELE |
| DAT < 1      | none                 |
| DAT > 0      | RSET or INST or DELE |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| all              | RSET or INST or DELE |
| FIXME            | none                 |
| FIXME            | RSET or INST or DELE |

### 5.2.X **TR-SDTR**: Secure data transfer
> FIXME: Update when risk factors are fully filled out

The product shall provide a method to securely transfer all data and settings from the product to other products or systems.
### 5.2.X **TR-SDTR**: Secure data read and transfer

FIXME break this down farther
#### 5.2.X.x Requirement

The product shall provide a method to read all data and settings from the product, and if provided, securely transfer data and settings to another product.

#### 5.2.X.x **MI-SDRF**: Secure data read from product

#### 5.2.X.x **MI-DTTH**: Data transfer to host
The product shall provide a method by which an authorized user can securely read all data and settings from the product.

The product shall provide a method by which an authorized user on the host system can securely read all data and settings from the product.
  * Applicability: Product has the capability for the user to write data and/or settings

  * Reference: TR-SDTR

  * Objective: Secure data transfer
  * Objective: Secure data read

  * Preparation: List all data and settings.
  * Preparation: List all data and settings

  * Activities: For each kind of data or setting, read the data or setting as an authorized user, then attempt read the data or setting as an unauthorized user, if any exists

  * Verdict: All data and settings can be read by the authorized user, and no data or setting can be read by an unauthorized user
  * Verdict: All data and settings can be read by the authorized user, and no data or setting can be read by an unauthorized user => PASS, otherwise FAIL

  * Evidence: List of data and settings, log message showing success or failure of each read by the authorized user and, if applicable, the unauthorized user

#### 5.2.X.x **MI-SDTR**: Secure data transfer to another product

The product shall provide a method by which an authorized user can securely transfer all data and settings from the product to another product.

  * Applicability: Product has the capability for the user to write data and/or settings

  * Reference: TR-SDTR

  * Objective: Secure data transfer

  * Preparation: Prepare methods by which an unauthorized user could read the data during transfer as outlined in the risk assessment

  * Activities: Read the data and settings, initiate the data transfer, and attempt to read the data and settings as an unauthorized user, then read the data and settings from the target product and compare with the data and settings read from the source product

  * Verdict: No data or settings were read by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS, otherwise FAIL

  * Evidence: List of data and settings, log messages from the attempts to read data as the unauthorized user, data and settings as read from the source product and as read from the target product, comparison explaining technical reasons for any differences in the two veresions

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors      | Requires mitigations |
|---------------------|----------------------|
| any                 | RSET and DTTH        |
|-------------------|----------------------|
| DAT < 1           | none                 |
| DAT < 2 & COM < 2 | SDRF                 |
| all others        | SDRF, SDTR           |

| Security Profile | Requires mitigations |
|---------------------|----------------------|
| any                 | RSET and DTTH        |
|------------------|----------------------|
| FIXME            | none                 |
| FIXME            | SDRF                 |
| FIXME            | SDRF, SDTR           |

> FIXME: Update when risk factors are fully filled out

### 5.2.X **TR-DMIN**:
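Review bot: the new requirement text makes transfer conditional ("and if provided, securely transfer data and settings to another product"), but the risk-factor mapping below makes SDTR mandatory for "all others"; either drop "if provided" or add an applicability condition to MI-SDTR so the requirement and the mapping agree. In MI-SDRF, the Activities step relies on an unauthorized user attempting a read, yet unlike MI-SDTR its Preparation step does not ask for the unauthorized-read methods from the risk assessment; suggest adding "Prepare methods by which an unauthorized user could read the data as outlined in the risk assessment" there. Wording fixes: "attempt read the data or setting" is missing "to", MI-SDTR's verdict has "an an unauthorized user", and its evidence line has "veresions".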