@@ -733,6 +733,14 @@ FIXME add the separate concept of users apart from accounts
* ADMN-1: foreseeable use of the operating system includes skilled administration available on call
* ADMN-2: foreseeable use of the operating system includes unskilled administration
#### 4.5.1.x Length of support period
**[RF-SUPP]:** How long the product is expected to be in use.
* SUPP-0: the length of foreseeable use is less than the time necessary to remediate a vulnerability
* SUPP-1: the length of foreseeable use is long enough to require remediating at least one vulnerability
* SUPP-2: the length of foreseeable use is long enough to require remediating multiple vulnerabilities
### 4.5.2 Mapping of Use Cases to Risk Factors
**NOTE:** The "TOTAL" field is referenced by but does not define the Risk Tolerance assignments table in Section 6.3. It is primarily a consistency check to see if the risk factors sufficiently distinguish the differences in risk tolerance between use cases.
