@@ -1191,7 +1191,8 @@ The product shall protect data transmitted by the product from unauthorized acce
* Objective: Confidentiality of data
* Preparation: List all types of data that may be transmitted on the product that should not be readable without authorization, what methods of ensuring confidentiality are appropriate for each type, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method
* Preparation: List all types of data that may be transmitted on the product that should not be readable without authorization, what methods of ensuri
ng confidentiality are appropriate for each type, all methods of accessing that data available to an attacker based on the risk assessment, and what the allowable authorization methods are for that access method
* Activities: For each type of data and each access mechanism, determine the method of ensuring confidentiality used, and attempt to read the data without authorization
