WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -624,7 +624,7 @@ _Description of mitigation implementing the requirement in "shall" format._
### 5.2.1 General
This section is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following section will define which mitigations will be required, depending on risk factors and/or a use case.
This clause is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following clause will define which mitigations will be required, depending on risk factors and/or a use case.
**See Annex C for more information.**
@@ -1489,7 +1489,7 @@ The product shall have vulnerability handling processes compliant with <a ref="_
### 5.3.1 Introduction
This section lists all the mitigations necessary to meet requirements for each security profile.
This clause lists all the mitigations necessary to meet requirements for each security profile.
@@ -2070,7 +2070,7 @@ The risk modeling approach followed in this document can be applied to two situa
**Methodology**
This section describes the metholodogy followed in the current text.
This clause describes the metholodogy followed in the current text.
1. Document a comprehensive range of foreseeable use cases for products of this type.
1. For a particular use case, document the inherent and product-specific risk factors likely to affect products of that type which are not already covered by other relevant standards.
@@ -2117,7 +2117,7 @@ This is a short introduction to how standards work, how CRA vertical standards w
### E.2.1 General
The present document is a vertical standard for the Cyber Resilience Act. This is a new kind of standard with some unusual properties. Read the rest of this section to understand how it works.
The present document is a vertical standard for the Cyber Resilience Act. This is a new kind of standard with some unusual properties. Read the rest of this clause to understand how it works.
### E.2.2 TL;DR
@@ -2181,7 +2181,7 @@ New use cases and security profiles may be developed using existing or new risk
### E.4.9 Manufacturer may use any CRA-conformant risk assessment methodology
The risk assessment section of a vertical standard is informative only. It exists to demonstrate that the standards writers have undertaken a risk assessment of the product. The manufacturer is explicitly permitted to use any risk assessment methodology consistent with the requirements in the CRA.
The risk assessment clause of a vertical standard is informative only. It exists to demonstrate that the standards writers have undertaken a risk assessment of the product. The manufacturer is explicitly permitted to use any risk assessment methodology consistent with the requirements in the CRA.
