Commit 7a585fd4 authored by Aeva Black, committed by Aeva Black

Remove redundant "Mapping of mitigations" subsections

parent dbccffe1
+0 −32
@@ -1174,10 +1174,6 @@ The product shall protect data stored on the product from unauthorized access.

Guidance: Data may be protected by the environment, permissions, encryption, salting and hashing, offline storage, or hardware-backed secrets.

#### 5.2.7.3 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.8 TR-CDTX: Confidentiality of data transmitted by product

#### 5.2.8.1 Requirement
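
Review bot: Dropping "#### 5.2.7.3 Mapping of mitigations to risk factors and security profiles" leaves 5.2.7 with no pointer to Section 5.3 or Annex C.4, and the commit message calls the subsection redundant without saying where that pointer still lives. Suggest naming the surviving cross-reference in the commit message (for example, a single sentence at the top of 5.2), and checking the rest of the document for references to the removed subsection numbers such as 5.2.7.3, since nothing in this diff updates them.
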
@@ -1214,10 +1210,6 @@ The product shall be accompanied by documentation informing the user of the tran
  * Verdict: Transfer of risk documented in a manner appropriate to the user => PASS, otherwise FAIL
  * Evidence: Documentation, analysis of documentation

#### 5.2.8.4 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.9 TR-CRYP: Encryption

**Editor's Note:** We anticipate that future revisions of this document will include state-of-the-art encryption requirements, including references to appropriate encryption standards not already included in the Agreed Cryptographic Mechanism and CRA Addendum.
@@ -1266,10 +1258,6 @@ The product shall detect corruption of the data stored on the product.

  * Evidence: Logs of determination of type of data and corruptions of data

#### 5.2.10.4 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.11 TR-IDTX: Integrity of data transmitted by the product

#### 5.2.11.1 Requirement
@@ -1291,10 +1279,6 @@ The product shall detect corruption of the data transmitted by the product.
  * Verdict: If all methods of detecting corruption match the type of the data transmitted, and all the corruptions of data are detected => PASS, otherwise => FAIL
  * Evidence: Logs of determination of type of data and corruptions of data

#### 5.2.11.3 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.12 TR-DMIN: Data Minimization

#### 5.2.12.1 Requirement
@@ -1312,10 +1296,6 @@ All sources of data processed by the product in its secure-by-default configurat
  * Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL
  * Evidence: List of sources of data, documentation of each source of data, list of sources of data processed, connection between each discovered source of processed data to its documentation

#### 5.2.12.3 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.X TR-AVAI: Availability

#### 5.2.X.x Requirement
@@ -1377,10 +1357,6 @@ All exposed interfaces on the product in any state that is part of its reasonabl
  * Verdict: All discovered interfaces are documented, including rationale => PASS, otherwise => FAIL
  * Evidence: List of types of interfaces, list of product states, documentation of each exposed interface, output of methods to list all exposed interfaces, connection between each discovered interface to its documentation

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.X TR-LOGG: Logging and monitoring

#### 5.2.X.x Requirement
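
Review bot: The headings kept as context around the removed "#### 5.2.X.x Mapping of mitigations to risk factors and security profiles" still use placeholder numbering ("### 5.2.X TR-LOGG: Logging and monitoring", "#### 5.2.X.x Requirement"), while the neighbouring hunks show settled numbers such as 5.2.12 and 5.2.16. This is not introduced by the change, but since the section structure is being touched, it is worth assigning final numbers in a follow-up so that cross-references to these requirements are unambiguous.
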
@@ -1446,10 +1422,6 @@ The product shall reset to its secure-by-default state after the secure deletion
  * Verdict: If any data or setting is the same for both of the reads => FAIL, otherwise => PASS
  * Evidence: Record of each type of data or setting, what data or setting was written, what data or setting was returned by the first read, and what data or setting was returned by the second read, comparison of each one

#### 5.2.16.5 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.17 TR-SDTR: Secure data read and transfer

#### 5.2.17.1 Requirement
@@ -1480,10 +1452,6 @@ If the product provides a method to transfer data and settings to another produc
  * Verdict: No data or settings could be read or altered by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS, otherwise FAIL
  * Evidence: List of data and settings, log messages from the attempts to read or alter data as the unauthorized user, data and settings as read from the source product and as read from the target product, comparison explaining technical reasons for any differences in the two versions

#### 5.2.17.4 Mapping of mitigations to risk factors and security profiles

See Section 5.3 for which mitigations are necessary for which security profiles and Annex C.4 for the rationale.

### 5.2.18 TR-VULH: Vulnerability handling

#### 5.2.18.1 Requirement
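
Review bot: The Verdict line kept as context at the top of this hunk reads "an an unauthorized user" and ends "=> PASS, otherwise FAIL", whereas other Verdict lines in this file use "=> PASS, otherwise => FAIL". The removal itself is fine; suggest a follow-up that fixes the doubled word and normalizes the verdict notation, since these lines are the pass/fail criteria an assessor works from.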