@@ -720,6 +720,29 @@ This section is a list of technical requirements necessary to satisfy the CRA es
Some risks may be transferred partially or fully to other components of the system or the user of the product. When that is the case, migitations that transfer the risk will be included as an option to fulfill a technical requirement, depending on the use case and risk factors.
### 5.2.X **TR-TEST**: Enable testing and collection of test output
### 5.2.X.x Requirement
The operating system shall provide a method of running the tests for technical requirements and outputting the test results in a machine readable format on the product as placed on the market.
#### 5.2.X.x **MI-TEST**: Document enabling of testing and collection of test output
The manufacturer shall document the steps necessary to enable testing and collection of the test output. The manufacturer shall not add unnecessary barriers to activating and collecting test output by MSAs.
Test: follow the instructions to set up testing, run one test for a technical requirement that produces test output, and collect the output
Result: test output matches expected output for that test
Output: the expected output of the test
Documentation: how to enable testing and collection of the test output, why any barrier to doing so is necessary
#### 5.2.X.x **MI-TDOC**: Test documentation
For any technical requirement which includes a test, the manufacturer shall document the instructions for setting up and running the test in addition to those described in MI-TEST, as well as what output of the test indicates passing of the test. Documentation shall include source code if available and usage documentation for each test, along with the options or inputs necessary to run the tests.
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
All mitigations for TR-TEST are required for all products.
### TR prevent or mitigate memory attacks
Threat: Out-of-bounds memory access caused by unvalidated input in incoming packets
