Commit a0f9e63b authored by Valerie Aurora

Add integrity requirements from OS

parent e467cbc2
+86 −2
@@ -1066,6 +1066,90 @@ Guidance: Data transmitted may be protected by the environment or encryption.

> FIXME: update above

### 5.2.X **TR-IDST**: Integrity of data stored on the product

#### 5.2.X.x Requirement

The product shall protect the integrity of data stored on the product from unauthorized modification and report corruption.

Guidance: Integrity may be protected by the environment, permissions, duplication, backups, and/or checksums.

#### 5.2.X.x **MI-IDST**: Protect integrity of data stored on the product

The product shall protect the integrity of data stored on the product from unauthorized modification.

  * Reference: TR-IDST

  * Objective: Integrity of data

  * Preparation: List all types of data that may be stored on the product that should not be modifiable without authorization, what methods of protecting integrity are appropriate for each type, all methods of modifying that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that modification method

  * Activities: For each type of data and each access mechanism, determine the method of protecting integrity used, and attempt to modify the data without authorization

  * Verdict: If all methods of ensuring integrity match the type of the data stored, and all the attempts to modify protected data without authorization fail => PASS, otherwise => FAIL

  * Evidence: Logs of determination of type of data and method of integrity and attempts to modify protected data without authorization

#### 5.2.X.x **MI-DCST**: Detect corruption of data stored

The product shall detect corruption of the data stored on the product.

  * Reference: TR-IDST

  * Objective: Integrity of data

  * Preparation: List all types of data that may be stored on the product whose corruption should be detected and what methods of detecting corruption are appropriate for each type

  * Activities: For each type of data and method of detecting corruption, corrupt the data in a way that the method will detect

  * Verdict: If all methods of detecting corruption match the type of the data stored, and all the corruptions of data are detected => PASS, otherwise => FAIL

  * Evidence: Logs of determination of type of data and corruptions of data

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations |
|--------------|----------------------|
| DAT < 1      | none                 |
| DAT < 2      | IDST                 |
| all others   | IDST, DCST           |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| FIXME            | none                 |
| FIXME            | IDST                 |
| all others       | IDST, DCST           |

> TODO: Rate use cases by sensitivity of data stored and update the security profile list above.

### 5.2.X **TR-IDTX**: Integrity of data transmitted by the product

#### 5.2.X.x Requirement

The product shall detect corruption of the data transmitted by the product.

Guidance: Integrity may be protected by the environment, permissions, duplication, backups, and/or checksums.

#### 5.2.X.x **MI-DCTX**: Detect corruption of data transmitted by the product

The product shall detect corruption of the data transmitted by the product.

  * Reference: TR-IDTX

  * Objective: Integrity of data

  * Preparation: List all types of data that may be transmitted by the product whose corruption should be detected and what methods of detecting corruption are appropriate for each type

  * Activities: For each type of data and method of detecting corruption, corrupt the data in a way that the method will detect

  * Verdict: If all methods of detecting corruption match the type of the data stored, and all the corruptions of data are detected => PASS, otherwise => FAIL

  * Evidence: Logs of determination of type of data and corruptions of data

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

All mitigations are required for all products.

### 5.2.X **TR-LMAS**: Minimize exposed interfaces

#### 5.2.X.x Requirement
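Review bot: the TR-IDTX block is a copy of TR-IDST that was not fully adapted. The MI-DCTX verdict still reads "match the type of the data stored" and should say "data transmitted", and the TR-IDTX guidance repeats "permissions, duplication, backups, and/or checksums", none of which apply to data in flight; suggest something like "Integrity of transmitted data may be protected by the environment, by a keyed MAC or signature, or by authenticated encryption of the transport." The same caveat applies to the TR-IDST guidance: a checksum that an attacker with write access can simply recompute does not protect against unauthorized modification, so MI-IDST should require a keyed or signed integrity value, or write-protection of the data, wherever the risk assessment includes a write-capable attacker; an unkeyed checksum only satisfies MI-DCST. Two smaller points: the TR-IDST requirement says "protect ... and report corruption" while MI-DCST only requires that corruption be detected, so pick one verb (detection that is never reported is not observable by an operator or a tester); and the MI-DCST/MI-DCTX activity "corrupt the data in a way that the method will detect" is tautological as a test, so it should instead enumerate the corruption cases the risk assessment requires detecting (bit flips, truncation, rollback to an older but valid copy) and exercise each. The security-profile table still carries FIXME rows and the headings are 5.2.X.x placeholders, so this presumably merges as a draft.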
@@ -1452,8 +1536,8 @@ Suggested type of tests include, but are not limited to:
| Secure by default configuration                 | SDEF                               |
| Secure updates                                  | SCUD                               |
| Authentication and access control mechanisms    | _waiting on cross-vertical_        |
| Confidentiality protection                      | SCNF, TCNF, MSAF                   |
| Integrity protection for data and configuration | SSDD, MSAF                         |
| Confidentiality protection                      | CDST, CDTX, MSAF                   |
| Integrity protection for data and configuration | IDST, IDTX, SSDD, MSAF             |
| Data minimization                               | DMIN                               |
| Availability protection                         | MDNF, MSAF                         |
| Minimize impact on other devices or services    | MDNF                               |
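Review bot: the new "Integrity protection for data and configuration" row lists IDST and IDTX, which are the TR-level requirement IDs, while the mitigations this change defines for them are MI-IDST, MI-DCST and MI-DCTX. If the right-hand column is meant to hold mitigation IDs, IDTX should be DCTX and DCST should be added; if it holds requirement IDs, make the column header say so, because the per-requirement tables earlier in the same change use "Requires mitigations" for a column holding mitigation IDs. The confidentiality row is renamed from SCNF, TCNF to CDST, CDTX in the same hunk, and those IDs do not appear anywhere else in this change, so please confirm sections named TR-CDST and TR-CDTX exist before merging. The authentication row still reads "_waiting on cross-vertical_".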