Remove duplicate DMIN and fix type in CRA mapping (800a26ed) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+1 −31

Original line number	Diff line number	Diff line
		@@ -1169,36 +1169,6 @@ All sources of data processed by the product in its secure-by-default configurat
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		### 5.2.X TR-DMIN:

		The product shall minimize the data processed.

		#### 5.2.X.x MI-DJST: Document and justify processed data

		All sources of data processed by the product in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.

		* Reference: TR-DMIN

		* Objective: Minimize data processed

		* Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.

		* Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the product is processing data from that source, list all sources of data processed in each state. Compare to the documented list.

		* Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL

		* Evidence: List of sources of data, list of product states, documentation of each source of data, list of sources of data processed in each state, connection between each discovered source of processed data to its documentation

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		### 5.2.X TR-SCUD: Secure updates

		The product shall be securely updateable by the user.
		@@ -1362,7 +1332,7 @@ Suggested type of tests include, but are not limited to:
		\|-------------------------------------------------\|------------------------------------\|
		\| No known exploitable vulnerabilities \| _waiting on cross-vertical_ \|
		\| Secure design, development, production \| IMEM \|
		\| Secure by default configuration \| ADEF \|
		\| Secure by default configuration \| SDEF \|
		\| Secure updates \| SCUD \|
		\| Authentication and access control mechanisms \| _waiting on cross-vertical_ \|
		\| Confidentiality protection \| SCNF, TCNF \|

Original line number	Diff line number	Diff line
		@@ -1169,36 +1169,6 @@ All sources of data processed by the product in its secure-by-default configurat
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		### 5.2.X TR-DMIN:

		The product shall minimize the data processed.

		#### 5.2.X.x MI-DJST: Document and justify processed data

		All sources of data processed by the product in its secure-by-default configuration shall be documented. All sources of data processed shall have a documented rationale for why its processing is necessary for the functioning of the product in its secure-by-default configuration.

		* Reference: TR-DMIN

		* Objective: Minimize data processed

		* Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it must be processed for the product to perform its functions.

		* Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the product is processing data from that source, list all sources of data processed in each state. Compare to the documented list.

		* Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL

		* Evidence: List of sources of data, list of product states, documentation of each source of data, list of sources of data processed in each state, connection between each discovered source of processed data to its documentation

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		\| Security Profile \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| any \| DJST \|

		### 5.2.X TR-SCUD: Secure updates

		The product shall be securely updateable by the user.
		@@ -1362,7 +1332,7 @@ Suggested type of tests include, but are not limited to:
		\|-------------------------------------------------\|------------------------------------\|
		\| No known exploitable vulnerabilities \| _waiting on cross-vertical_ \|
		\| Secure design, development, production \| IMEM \|
		\| Secure by default configuration \| ADEF \|
		\| Secure by default configuration \| SDEF \|
		\| Secure updates \| SCUD \|
		\| Authentication and access control mechanisms \| _waiting on cross-vertical_ \|
		\| Confidentiality protection \| SCNF, TCNF \|