@@ -1080,7 +1080,7 @@ All debug and management interfaces on the product shall be documented, and the
* Verdict: All debug/management interfaces are documented as to how to disable or protect them, and no interfaces are accessible without authorization after following the documentation to protect or disable them => PASS, otherwise => FAIL
* Evidence: Pictures of the product, list of discovered interfaces, comparison with documentation, notes as to which are documented how to disable/protect, logs of protect/disable actions, logs of attempts to access interfaces after protected or disabled
#### 5.2.5.6 MI-PDDI-2: Protect or disable local software access to debug and management interfaces
#### 5.2.8.4 MI-PDDI-2: Protect or disable local software access to debug and management interfaces
All debug and management interfaces which can be accessed by processes running on the system shall be protected or disabled by default, unless necessary for backward compatibility. Documentation regarding the removal of such protections by an appropriately sophisticated user may be provided, and shall include information regarding the risks.
@@ -1092,7 +1092,7 @@ All debug and management interfaces which can be accessed by processes running o
* Verdict: No undocumented interfaces are found and no interfaces can be accessed without authorization other than those documented as necessary and the instructions to the user are sufficient => PASS, otherwise => FAIL
* Evidence: List of interfaces, log of attempts to access
#### 5.2.5.7 MI-PDDI-3: Protect or disable network access to debug or management interfaces
#### 5.2.8.5 MI-PDDI-3: Protect or disable network access to debug or management interfaces
All debug and management interfaces accessible via the network shall be protected or disabled by default, unless necessary for backward compatibility. Documentation regarding the removal of such protections by an appropriately sophisticated user may be provided, and shall include information regarding the risks.
