Commit b84ed490 authored by Valerie Aurora's avatar Valerie Aurora
Browse files

Update secure design and development requirements

parent 12d9b97f

EN-304-625.md

+11 −13
Original line number Diff line number Diff line
@@ -758,19 +758,17 @@ The manufacturer shall ensure that all security-relevant firmware and software a 


#### 5.2.X.x Mapping of mitigations to risk factors and security profiles



Mitigations satisfy technical requirements only under when they mitigate the relevant risks appropriately. Risk factors are used to determine this. The below table shows which mitigations are appropriate to which use cases or security profiles based on the risk factors determined in the risk assessment.



| Risk factors        | Requires mitigations               |

|---------------------|----------------------|

|---------------------|------------------------------------|

| NET < 1             | SCFS                               |

| NET < 1 or COM < 1  | SSCA                 |

| NET > 0 and COM > 0 | FZ95 or ETIN or IMSL |

| NET < 1 or COM < 1  | SCFS, SSCA                         |

| NET > 0 and COM > 0 | SCFS, SCCA, (FZ95 or ETIN or IMSL) |



| Security Profile | Requires mitigations               |

|---------------------|--------------------------------|

|------------------|------------------------------------|

| VI-1             | SCFS                               |

| WD-2                | SSCA                           |

| all others          | FZ95 or ETIN or IMSL           |

| WD-2             | SCFS, SSCA                         |

| all others       | SCFS, SSCA, (FZ95 or ETIN or IMSL) |



### 5.2.X **TR-MSAF**: Memory error mitigations