@@ -1447,40 +1447,6 @@ FIXME define RSKL/M/H as a function of other risk factors
Need to specify encryption related stuff that is not covered by ACM.
#### Notes
Pull out more tests from this:
The manufacturer shall perform functional and robustness testing on all security-relevant input paths of the network interface. These tests shall verify that the interface correctly handles both valid inputs, as defined by the relevant protocol standards, and invalid, malformed, or unexpected inputs.
Suggested type of tests include, but are not limited to:
* Functional testing: verify that all intended features of the interface respond correctly to valid inputs according to the protocol specifications.
* Boundary value analysis: test inputs at the upper and lower limits of accepted parameters (e.g., maximum/minimum packet length, field values).
* Negative testing: send malformed, incomplete, or out-of-specification inputs to ensure the interface does not crash, enter in an unsecure state or behave as not expected.
* Protocol compliance testing: ensure that interface adheres to protocol specifications, even when presented with borderline or non-standard inputs.
* Test: execute a test suite that covers all the commands and messages defined by the protocol, all boundary and edge cases, invalid and unexpected inputs, input sequences simulating error or stress condition.
* Result: the interface responds correctly to valid inputs and invalid input are handled gracefully, without causing crashes.
* Documentation: test suite used (types of tests, case covered, tools), test results and any known limitations with their justification.
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
# Annex A (informative): Mapping between the present document and CRA requirements
> Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.
The manufacturer shall perform functional and robustness testing on all security-relevant input paths of the network interface. These tests shall verify that the interface correctly handles both valid inputs, as defined by the relevant protocol standards, and invalid, malformed, or unexpected inputs.
Suggested type of tests include, but are not limited to:
* Functional testing: verify that all intended features of the interface respond correctly to valid inputs according to the protocol specifications.
* Boundary value analysis: test inputs at the upper and lower limits of accepted parameters (e.g., maximum/minimum packet length, field values).
* Negative testing: send malformed, incomplete, or out-of-specification inputs to ensure the interface does not crash, enter in an unsecure state or behave as not expected.
* Protocol compliance testing: ensure that interface adheres to protocol specifications, even when presented with borderline or non-standard inputs.
* Test: execute a test suite that covers all the commands and messages defined by the protocol, all boundary and edge cases, invalid and unexpected inputs, input sequences simulating error or stress condition.
* Result: the interface responds correctly to valid inputs and invalid input are handled gracefully, without causing crashes.
* Documentation: test suite used (types of tests, case covered, tools), test results and any known limitations with their justification.
