@@ -1737,13 +1737,13 @@ All sources of data processed by the product in its secure-by-default configurat
* Objective: Minimize data processed
* Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source. List all states of the product with different exposed interfaces of the product in its secure-by-default configuration, including but not limited to initial configuration, startup, in use, idle, shutdown, and reset, if applicable. For each distinct source of data processed in any state of the product in its secure-by-default configuration, describe the data processed and why it has to be processed for the product to perform its functions.
* Preparation: List all potential sources of data for the product. For each source of data, identify a method to detect whether the product is processing data from that source.
* Activities: Using the list of sources of data, the list of states of the product, and the method to detect whether the product is processing data from that source, list all sources of data processed in each state. Compare to the documented list.
* Activities: Using the list of sources of data, and the method to detect whether the product is processing data from that source, list all sources of data processed. Compare to the documented list.
* Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL
* Evidence: List of sources of data, list of product states, documentation of each source of data, list of sources of data processed in each state, connection between each discovered source of processed data to its documentation
* Evidence: List of sources of data, documentation of each source of data, list of sources of data processed, connection between each discovered source of processed data to its documentation
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
