Commit cb378296 authored by Valerie Aurora

Add security profile to risk mitigation sets mapping

parent 554c48c9
+24 −6
@@ -1513,17 +1513,35 @@ If the product provides a method to transfer data and settings to another produc

## 5.3 Risk Mitigation Sets

> TODO: Connect the technical security requirements in clause 5.2 to specific Risk Factors, and define these as sets of Risk Mitigations that will be referenced in clause 6.
### 5.3.1 Wired network interface risk mitigation sets

# 6 Conformity Assessment
SP-WD-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), SUDC, (SUVP or SUOE), NTFY or WDOG, LOGG

> FIXME: Split out assessment from clause 5 requirements and put them here if required. For now, they are adjacent to the requirement they are assessing, which is far easier to read, write, and understand.
SP-WD-2: KEVD, SCAN, SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), SDEE-1, SDEE-4, ADEF, DPAH,  SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

# Annex A (informative): Mapping between the present document and CRA requirements
SP-WD-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, NTFY or WDOG, JSTY, LOGG

SP-WD-4: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDTX, DCTX, DJST, WDOG, JSTY, LOGG

### 5.3.2 Wireless network interface risk mitigation sets

SP-WL-1: KEVD, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

SP-WL-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

SP-WL-3: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

> Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.
### 5.3.3 Virtual network interface risk mitigation sets

> FIXME add requirements when they exist
SP-VI-1: KEVD, SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, NTFY or WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF

SP-VI-2: KEVD, SCAN, SCFS, SSCA, (FZ95 or ETIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, WDOG, JSTY, LOGG, RSET or INST or DELE, SDRF, SDTR

# 6 Conformity Assessment

> TODO: Split out assessment from clause 5 requirements and put them here when required. For now, they are adjacent to the requirement they are assessing, which is far easier to read, write, and understand.

# Annex A (informative): Mapping between the present document and CRA requirements

| CRA requirement                                 | Technical security requirements(s) |
|-------------------------------------------------|------------------------------------|
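
Review bot: The and/or grouping in the new SP-* lines is ambiguous wherever an "or" sits unparenthesised next to commas, for example "NTFY or WDOG, LOGG" in SP-WD-1 and "RSET or INST or DELE, SDRF" in the SP-WL and SP-VI lines, while "(SUVP or SUOE)" and "(FZ95 or ETIN or IMSL)" on the same lines are parenthesised. I would parenthesise every alternative group, including "IMSL or (MSAF-\*, MZRO-\*)", and add a sentence under 5.3 stating what a comma means, because the hunk removes the TODO without adding any text that defines the notation or ties each SP-* identifier to its risk factors. Two further things to confirm: SP-WL-2 and SP-WL-3 are identical as written, and SP-WD-2 and SP-VI-1 omit the "(FZ95 or ETIN or IMSL)" group that every other profile carries; if both are intended, a short rationale next to the sets would help. There is also a double space after "DPAH," in SP-WD-2.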