Commit 4c8e23ca authored by Valerie Aurora

Formatting and wording changes in generic requirements

parent 56e3b6b4
+32 −27
@@ -984,10 +984,15 @@ The product shall operate in a secure configuration by default.
The product shall require authorization by default to access security-relevant assets, such as product firmware, security-relevant configuration, sensitive data, and sensitive functions.

  * Reference: TR-SDEF

  * Objective: Find any unauthorized access to security relevant assets in default configuration

  * Preparation: List all interfaces allowing access to security-relevant assets

  * Activities: For each interface, attempt to access security-relevant assets without authorization and record whether access was allowed or not

  * Verdict: If every interface does not allow access without authorization => PASS, otherwise => FAIL

  * Evidence: List of interfaces allowing access to security-relevant assets, record of activities used to attempt unauthorized access to security-relevant assets, log of results of attempts

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
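Review bot: The added Verdict line ("If every interface does not allow access without authorization => PASS") is ambiguous: "every ... does not" can be read as "not every interface allows", which would pass a product with one open interface. Suggest "If no interface allows access to a security-relevant asset without authorization => PASS, otherwise => FAIL". The Preparation step should also say where the interface list comes from, as MI-SCNF's Preparation does ("available to an attacker based on the risk assessment"), so the tester knows which interfaces are in scope, including any interface that exposes product firmware, since firmware is listed as an asset in the requirement text.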
@@ -1002,15 +1007,15 @@ The product shall require authorization by default to access security-relevant a

### 5.2.X **TR-CONF**: Confidentiality of assets

#### 5.2.X.x **MI-SCNF**: Confidentiality of data stored on the device
#### 5.2.X.x **MI-SCNF**: Confidentiality of data stored on the product

The device shall protect confidential data stored on the device from unauthorized access.
The product shall protect confidential data stored on the product from unauthorized access.

  * Reference: TR-CONF

  * Objective: Confidentiality of data

  * Preparation: List all types of data that may be stored on the device that should not be readable without authorization, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method
  * Preparation: List all types of data that may be stored on the product that should not be readable without authorization, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method

  * Activities: For each type of data and each access mechanism, attempt to read the data without authorization

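Review bot: The Objective in this hunk ("Confidentiality of data") restates the heading rather than what the test looks for; the default-authorization mitigation in the first hunk phrases it as a finding ("Find any unauthorized access to security relevant assets ..."). Suggest "Find any confidential stored data readable without authorization". The Activities line also drops the third item the Preparation collects (the allowable authorization methods): add "and, for each allowable authorization method, confirm that the data is readable only after that authorization succeeds", and state that the outcome of each attempt is recorded so the Evidence entry has something to reference.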
@@ -1028,9 +1033,9 @@ The device shall protect confidential data stored on the device from unauthorize
|---------------------|----------------------|
| any                 | SCNF                 |

#### 5.2.X.x **MI-TCNF**: Confidentiality of data transmitted by device
#### 5.2.X.x **MI-TCNF**: Confidentiality of data transmitted by product

The device shall protect data transmitted by the device from unauthorized access.
The product shall protect data transmitted by the product from unauthorized access.

  * Reference: TR-CONF

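Review bot: "Protect data transmitted by the product from unauthorized access" (the MI-TCNF requirement) does not say which property is meant for data in transit; the stored-data case (MI-SCNF) is about reading, and the analogue here is disclosure to anyone observing or intercepting the transmission path. Suggest "from unauthorized disclosure while in transit". For consistency with the MI-SCNF heading ("stored on the product"), the heading should read "Confidentiality of data transmitted by the product".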
@@ -1086,7 +1091,7 @@ All exposed interfaces on the product in any state that is part of its reasonabl

### 5.2.X **TR-SCDL**: Secure deletion

The product shall provide a method of deleting all data and settings and resetting the device to its secure-by-default configuration.
The product shall provide a method of deleting all data and settings and resetting the product to its secure-by-default configuration.

#### 5.2.X.x **MI-RSET**:

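Review bot: The MI-RSET heading is left with an empty title after the colon, while the other MI headings in the file carry one; from the context line that follows ("The product shall reset to its secure-by-default state after a power cycle or reset") something like "Reset to secure-by-default state" would fit. Also, the TR-SCDL text promises "a method of deleting all data and settings", but the MI-RSET context ties the reset to a power cycle or reset; if deletion is only guaranteed on those events the TR should say so, otherwise MI-RSET needs to name a trigger an authorized user can invoke.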
@@ -1096,9 +1101,9 @@ The product shall reset to its secure-by-default state after a power cycle or re

  * Objective: Secure deletion

  * Preparation: Document every kind of data or setting that may be stored on the device, how to store it on the device, and how to read it from the device
  * Preparation: Document every kind of data or setting that may be stored on the product, how to store it on the product, and how to read it from the product

  * Activities: For each kind of user data or setting that may be stored on the device, write an instance of the data or setting stored on the device that is different from the default, read it from the device, power cycle or reset the device, and read the data again
  * Activities: For each kind of user data or setting that may be stored on the product, write an instance of the data or setting stored on the product that is different from the default, read it from the product, power cycle or reset the product, and read the data again

  * Verdict: If any data or setting is the same for both of the reads => FAIL, otherwise => PASS

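Review bot: The Verdict ("If any data or setting is the same for both of the reads => FAIL") tests the wrong condition: it passes if the second read returns any value other than what was written, including a partially erased or stale value, and it never compares against the secure-by-default value that the TR-SCDL text requires. Suggest "If any data or setting read after the power cycle or reset differs from its secure-by-default value => FAIL, otherwise => PASS". Since the TR is "Secure deletion", the Preparation's "how to read it from the product" should include reading the underlying storage wherever the risk assessment makes that available to an attacker, not only the product's normal interface, so that data no longer visible through the interface but still present in storage is caught.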
@@ -1106,11 +1111,11 @@ The product shall reset to its secure-by-default state after a power cycle or re

### 5.2.X **TR-SDTR**: Secure data transfer

The device shall provide a method to securely transfer all data and settings from the device to other devices or systems.
The product shall provide a method to securely transfer all data and settings from the product to other products or systems.

#### 5.2.X.x **MI-DTTH**: Data transfer to host

The device shall provide a method by which an authorized user on the host system can securely read all data and settings from the device.
The product shall provide a method by which an authorized user on the host system can securely read all data and settings from the product.

  * Reference: TR-SDTR

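Review bot: "Securely" in the TR-SDTR and MI-DTTH requirements is undefined; the rest of the file names properties (confidentiality in TR-CONF, authorization in the default-authorization mitigation), so say which apply here: transfer only to an authorized user on the host, and protection in transit as in MI-TCNF. "All data and settings" should also state whether security-relevant assets (firmware, security-relevant configuration, sensitive data, as listed under the default-authorization requirement) are included, since exporting them to the host is itself a disclosure path that the MI-SCNF test would not exercise.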
@@ -1136,19 +1141,19 @@ The device shall provide a method by which an authorized user on the host system

### 5.2.X **TR-DMIN**:

The device shall minimize the data processed.
The product shall minimize the data processed.

#### 5.2.X.x **MI-DJST**: Document and justify processed data

All sources of data processed by the device in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.
All sources of data processed by the product in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.

  * Reference: TR-DMIN

  * Objective: Minimize data processed

  * Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the device is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.
  * Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.

  * Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the device is processing data from that source, list all sources of data processed in each state. Compare to the documented list.
  * Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the product is processing data from that source, list all sources of data processed in each state. Compare to the documented list.

  * Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL

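Review bot: The TR-DMIN heading has an empty title after the colon (compare TR-CONF: "Confidentiality of assets"); "Data minimization" matches the requirement text. The Verdict only checks that every observed source is documented with a rationale; it never fails a source whose rationale does not hold up, so the "minimize" in the TR is untested. Suggest adding to the Activities that the assessor evaluates each documented rationale against the product's functions in its secure-by-default configuration, and extending the Verdict to "All sources of processed data are documented, and each rationale is accepted => PASS, otherwise => FAIL".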
@@ -1166,19 +1171,19 @@ All sources of data processed by the device in its secure-by-default configurati

### 5.2.X **TR-DMIN**:

The device shall minimize the data processed.
The product shall minimize the data processed.

#### 5.2.X.x **MI-DJST**: Document and justify processed data

All sources of data processed by the device in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.
All sources of data processed by the product in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.

  * Reference: TR-DMIN

  * Objective: Minimize data processed

  * Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the device is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.
  * Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.

  * Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the device is processing data from that source, list all sources of data processed in each state. Compare to the documented list.
  * Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the product is processing data from that source, list all sources of data processed in each state. Compare to the documented list.

  * Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL

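Review bot: This hunk is a verbatim duplicate of the TR-DMIN / MI-DJST section in the previous hunk (file lines 1141 and 1171 after the change): the same heading, requirement text and test procedure appear twice in the document with no difference between them. One copy should be deleted, or, if two distinct requirements were intended, the second given its own identifier and text, rather than both receiving the same device-to-product edit.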
@@ -1231,34 +1236,34 @@ The device driver shall provide a method of updating the firmware on the device.
  * Verdict: The second version number is that of the new firmware => PASS, otherwise FAIL
  * Evidence: Log of querying the firmware version, installing the new firmware, and querying the firmware version again

#### 5.2.X.x **MI-SCHL**: Low secure updates provided by host
#### 5.2.X.x **MI-SCHL**: Low security updates provided by operational environment

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "Low" security level for the product supplying it.
The technical documentation provided with the product shall document that the operational environment shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the product. The secure update method shall satisfy the "Low" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Verdict: Documentation describes requirements for the secure updates provided by the operational environment => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x **MI-SCHM**: Medium secure updates provided by host
#### 5.2.X.x **MI-SCHM**: Medium secure updates provided by operational environment

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "Medium" security level for the product supplying it.
The technical documentation provided with the product shall document that the operational environment shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the product. The secure update method shall satisfy the "Medium" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Verdict: Documentation describes requirements for the secure updates provided by the operational environment => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x **MI-SCHH**: High secure updates provided by host
#### 5.2.X.x **MI-SCHH**: High secure updates provided by operational environment

The technical documentation provided with the product shall document that the host system shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the device. The secure update method shall satisfy the "High" security level for the product supplying it.
The technical documentation provided with the product shall document that the operational environment shall provide a method of receiving notifications of secure updates from the manufacturer, retrieving the updates, verifying the updates, and applying them to the product. The secure update method shall satisfy the "High" security level for the product supplying it.

  * Reference: TR-SCUD
  * Objective: Secure updates
  * Activities: Assess the documentation provided with the product
  * Verdict: Documentation describes requirements for the secure updates provided by the host system => PASS, otherwise FAIL
  * Verdict: Documentation describes requirements for the secure updates provided by the operational environment => PASS, otherwise FAIL
  * Evidence: Documentation and analysis of completeness

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
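Review bot: The three MI-SCH* headings are now inconsistent: MI-SCHL was changed to "Low security updates provided by operational environment" while MI-SCHM and MI-SCHH keep "Medium secure updates" / "High secure updates"; pick one form ("Low/Medium/High security updates") for all three. The Verdict lines in this hunk write "otherwise FAIL" where the rest of the file writes "otherwise => FAIL". Substantively, each of these mitigations is verified by reading documentation only: the Verdict passes if the documentation "describes requirements" for the update method, so nothing checks that the operational environment's method actually notifies, retrieves, verifies and applies an update. If that is intended (the product can only require it of its environment), say so in the Objective; otherwise add an Activities step that exercises the documented method against the product, as the firmware-update mitigation just above this hunk does (query version, install, query again).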