Commit 5ba3e599 authored by Valerie Aurora

Simplify/rationalize watchdog/notify requirements

parent e6fc2ea9
+22 −26
@@ -939,25 +939,25 @@ Mitigations satisfy technical requirements only under when they mitigate the rel

#### 5.2.X.x Requirement

The network interface shall implement mechanisms to observe when the firmware and/or software of the network interface is no longer capable of performing its functions and automatically reset the network interface to a functioning state or notify another part of the system.
The network interface shall implement a mechanism to facilitate the automatic reset of the network interface to a functioning state when the network interface enters a state in which it cannot perform its functions.

#### 5.2.X.x MI-WDOG: Watchdog to reset network interface
#### 5.2.X.x MI-WDOG: Watchdog and self-initiated reset

The network interface shall implement a watchdog mechanism that observes whether the network interface is capable of performing its functions. If the watchdog observes that the interfaces is not capable of performing its functions for a significant period of time, it will reset the network interface to a functioning state using a hardware-based mechanism.
The network interface shall implement a mechanism to trigger an automatic reset when it detects that it is no longer able to perform its functions.

  * Applicability: only applies to physical network interfaces
  * Test: use a testing interface to halt the firmware or software, wait for the watchdog to reset the firmware, and then attempt to use a network interface function after any necessary initialization or configuration
  * Result: after a specific time period has elapsed, the interface restarts, any initialization or configuration succeeds, and the use of the network interface function succeeded
  * Output: error, log message, statistics update, or other information from card indicating reset has occurred, log message or statistic showing the post-reset test function succeeded
  * Applicability: physical network interfaces that have a remote management feature
  * Preparation: document the conditions that indicate the device cannot perform its functions
  * Test: cause each of the conditions to occur
  * Result: for each condition, the network interface resets itself
  * Output: error, log message, statistics update, or other information from card indicating reset of network interface

#### 5.2.X.x MI-NTFY: Notify fatal errors to ask for reset and/or firmware reload
#### 5.2.X.x MI-NTFY: Watchdog and notification of host

The network interface shall implement a notification mechanism to inform the host whether the network interface is not capable of performing its functions.
The network interface shall implement a mechanism to notify the host system when it detects that it is no longer able to perform its functions.

FIXME finish test

* Test: produce ? the notification condition
* Result: the notification is received by the host
  * Preparation: document the conditions that indicate the device cannot perform its functions
  * Test: cause each of the conditions to occur
  * Result: for each condition, the notification is received by the host
  * Output: error, log message, statistics update, or other information from card indicating error notification was received

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
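Review bot: The rewritten MI-WDOG paragraph (under the new heading "Watchdog and self-initiated reset") drops the removed text's requirement that the reset use a hardware-based mechanism, so a watchdog implemented entirely in the firmware it supervises would now satisfy the clause even though it cannot fire once that firmware has hung. Suggest keeping wording along the lines of "using a mechanism independent of the firmware and software being monitored" in the requirement sentence. Two more points in this hunk: the Applicability bullet narrows from "only applies to physical network interfaces" to "physical network interfaces that have a remote management feature", a scope change the commit message does not mention and that should be stated if intended; and the new test procedure ("document the conditions that indicate the device cannot perform its functions" / "cause each of the conditions to occur") only exercises failure conditions the vendor chose to document, whereas the removed test (halt the firmware, wait for the watchdog, then use an interface function after reinitialisation) also showed that an arbitrary hang is caught and that the interface is actually usable after the reset. Consider keeping that generic halt test as one of the conditions and restoring the post-reset functional check in the Result bullet. Finally, the MI-NTFY heading now reads "Watchdog and notification of host" although its requirement text says nothing about a watchdog, and the MI-NTFY bullets have no Applicability line while the MI-WDOG bullets do.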
@@ -968,16 +968,12 @@ FIXME define a security profile for interfaces that are the primary interface

| Risk factors        | Requires mitigations |
|---------------------|----------------------|
| REM == 0 & FUN <= 1 | None                 |
| REM > 0 or FUN = 2  | WDOG                 |
| REM == 0 or FUN < 2 | NTFY or WDOG         |
| REM > 0 & FUN == 2  | WDOG                 |

| Security Profile    | Requires mitigations |
|---------------------|----------------------|
| VI-1, VI-2          | NTFY                 |
| WD-1, WL-1          | None FIXME           |
| WD-2, WL-2          | WDOG or NTFY         |

FIXME security profiles aren't rated for REM or FUN yet
| FIXME               | FIXME                |

### 5.2.X **TR-XXXX**: Encryption related stuff

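Review bot: The rewritten risk-factor table has no row that requires no mitigation (every REM/FUN combination now maps to "NTFY or WDOG" or to "WDOG"), but the security-profile table directly below it still maps WD-1 and WL-1 to "None FIXME". One of the two tables needs to change, or the text should say which takes precedence when they disagree. The two new rows are at least complementary ("REM == 0 or FUN < 2" is the negation of "REM > 0 & FUN == 2" given REM >= 0 and FUN <= 2), so coverage is fine. Removing the lines "FIXME security profiles aren't rated for REM or FUN yet" and "| FIXME | FIXME |" deletes the reminder without resolving it, since the profile table still carries a FIXME and is still not derived from REM/FUN; consider keeping the note or settling the WD-1/WL-1 row in this commit.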
@@ -1052,18 +1048,18 @@ Suggested type of tests include, but are not limited to:
| CRA requirement                                 | Technical security requirements(s) |
|-------------------------------------------------|------------------------------------|
| No known exploitable vulnerabilities            |                                    |
| Secure design, development, production          | SCCA, FZ95, IMSL                   |
| Secure design, development, production          | IMEM                               |
| Secure by default configuration                 |                                    |
| Secure updates                                  |                                    |
| Authentication and access control mechanisms    |                                    |
| Confidentiality protection                      |                                    |
| Integrity protection for data and configuration | IMEM                               |
| Data minimization                               |                                    |
| Availability protection                         | MDNF, WDOG, NTFY                   |
| Minimize impact on other devices or services    | MDNF, WDOG, NTFY                   |
| Availability protection                         | MDNF                               |
| Minimize impact on other devices or services    | MDNF                               |
| Limit attack surface                            |                                    |
| Exploit mitigation by limiting incident impact  | MDNF, IMEM, WDOG, NTFY             |
| Logging and monitoring mechanisms               | NTFY                               |
| Exploit mitigation by limiting incident impact  | MDNF, IMEM                         |
| Logging and monitoring mechanisms               | MDNF                               |
| Secure deletion and data transfer               |                                    |

# Annex B (informative): Relationship between the present document and any related ETSI standards (if any)
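Review bot: Dropping WDOG and NTFY from every row of the CRA mapping table leaves the two requirements the first hunk of this commit keeps and rewrites (MI-WDOG and MI-NTFY) mapped to no CRA requirement at all, even though "Availability protection" and "Minimize impact on other devices or services" are the natural homes for a self-reset and a host notification of a fatal error is a logging and monitoring mechanism. Suggest keeping "MDNF, WDOG, NTFY" in those two rows and "NTFY" in the logging row, or stating why the rationalised requirements no longer map to anything. Two changes in this hunk are also outside what the commit message describes: the "Secure design, development, production" row replaces "SCCA, FZ95, IMSL" with "IMEM" (IMEM already appears under "Integrity protection for data and configuration"), and the "Logging and monitoring mechanisms" row swaps NTFY for MDNF with nothing on the page explaining why MDNF is a logging or monitoring mechanism. Consider moving those two changes to their own commit with a rationale.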