@@ -592,8 +592,6 @@ FIXME prune this down to the most common use cases
Risk factors determine which mitigation(s) satisfy each of the technical requirements in Section 5.2. The manufacturer determines the level of each risk factor via the development of a threat model and risk profile based on the intended and foreseeable use and misuse of the operating system.
Some risks may be transferred partially or fully to other components of the system or the user of the product. When that is the case, migitations that transfer the risk will be included as an option to fulfill a technical requirement, depending on the use case and risk factors.
FIXME reference guidance on risk assessment when it exists.
#### 4.5.1.x Number of User Accounts
@@ -924,7 +922,7 @@ Optional:
This section is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following section will define which mitigations will be required, depending on a risk factor, the overall risk tolerance, and/or a use case in the following section.
Risk may, where appropriate, be transferred to another component of a product or to the entity using the product and mitigated there, rather than using one of the below mitigations.
Some risks may be transferred partially or fully to other components of the system or the user of the product. When that is the case, migitations that transfer the risk will be included as an option to fulfill a technical requirement, depending on the use case and risk factors.
### 5.2.X **TR-TEST**: Enable testing and collection of test output
