Commit d13d9588 authored by Valerie Aurora (Bow Shock)

Formatting fixes

parent 31a0c896
+13 −9
@@ -1284,7 +1284,7 @@ The product shall detect corruption of the data stored on the product.
| MOB-1            | IDST, DCST           |
| all others       | IDST                 |

> TODO: Rate use cases by sensitivity of data transmitted and update the security profile list above.
> TODO: Rate use cases by sensitivity of data stored and update the security profile list above.

### 5.2.X **TR-IDTX**: Integrity of data transmitted by the product

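Review bot: The TODO rewording from "data transmitted" to "data stored" is a content change rather than a formatting fix, so it deserves a mention in the commit message. It matches this section (corruption of data stored on the product), but check that the TR-IDTX section that follows still carries its own TODO for rating use cases by sensitivity of data transmitted, so that item is not lost.
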
@@ -1385,7 +1385,7 @@ The product shall reset to its secure-by-default state after a power cycle or re

  * Evidence: Record of each type of data or setting, what data or setting was written, what data or setting was returned by the first read, and what data or setting was returned by the second read, comparison of each one

#### 5.2.X.x **MI-INST**: Secure deletion via resinstallation
#### 5.2.X.x **MI-INST**: Secure deletion via reinstallation

The product shall reset to its secure-by-default state after a reinstallation that securely deletes all previous user data or settings.

@@ -1465,7 +1465,7 @@ The product shall provide a method by which an authorized user can securely tran

  * Activities: Read the data and settings, initiate the data transfer, and attempt to read the data and settings as an unauthorized user, then read the data and settings from the target product and compare with the data and settings read from the source product

  * Verdict: No data or settings were read by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS< otherwise FAIL
  * Verdict: No data or settings were read by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS, otherwise FAIL

  * Evidence: List of data and settings, log messages from the attempts to read data as the unauthorized user, data and settings as read from the source product and as read from the target product, comparison explaining technical reasons for any differences in the two veresions

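Review bot: The corrected Verdict line still contains the doubled word in "read by an an unauthorized user"; fix that in the same edit as the "PASS<" typo. The Evidence line just below also has "veresions" for "versions".
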
@@ -1520,7 +1520,7 @@ All sources of data processed by the product in its secure-by-default configurat

> FIXME: When full use case risk factor and tolerances are available, update above table.

### 5.X.Y **TR-LOGG**: Logging and monitoring
### 5.2.X **TR-LOGG**: Logging and monitoring

#### 5.2.X.x Requirement

@@ -1539,8 +1539,6 @@ The product shall record log messages indicating security-relevant internal even

Guidance: One type of event whose log message must take care to not accidentally include a secret is failed password authentication attempts. Since people often type their password into the username field, including the username field in the log message may result in including a secret in the log message.

[Any other mitigations available]

| Risk factors                   | Requires mitigations |
|--------------------------------|----------------------|
| SNDS < 1 & SNDS < 1 & SENF < 1 | none                 |
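
Review bot: The first row of the risk-factor table reads "SNDS < 1 & SNDS < 1 & SENF < 1", which tests SNDS twice. Either one of the two is meant to be a different risk factor or the duplicate should be dropped; since this hunk already edits the lines directly above the table, resolve it here or mark it with a FIXME.
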
@@ -1553,7 +1551,9 @@ Guidance: One type of event whose log message must take care to not accidentally

> FIXME: Update when risk factors are updated

### 5.X.Y **TR-MIMP**: Impact minimization
### 5.2.X **TR-MIMP**: Impact minimization

#### 5.2.X.x Requirement

The product shall minimise its negative impact on other products or services.

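Review bot: Spelling is inconsistent within this section: the heading uses "minimization" while the requirement text says "shall minimise". Pick one variant for the document and apply it to both lines.
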
@@ -1591,7 +1591,9 @@ The product shall mitigate abuse of network services that amplify network traffi
| IoT-2, IoT-3     | MNET                 |
| all others       | MNET, MAMP           |

### 5.X.Y **TR-AVAI**: Availability
### 5.2.X **TR-AVAI**: Availability

#### 5.2.X.x Requirement

The product shall protect the availability of essential and core functions.

@@ -1616,7 +1618,9 @@ The product shall protect the availability of essential and core network service
| LR, IoT-1        | none                 |
| all others       | AVNT                 |

### 5.X.Y **TR-NKEV**: No known exploited vulnerabilities at first use
### 5.2.X **TR-NKEV**: No known exploited vulnerabilities at first use

#### 5.2.X.x Requirement

Recognizing that there may be vulnerabilities discovered between the time that a product is placed on the market and the time of that product's first use, and that the product should be free from known vulnerabilities both when first made available and when first used by a consumer, the manufacturer shall ensure that the product can be updated at the time of first use to address all known exploited vulnerabilities which were discovered after the product's placement on the market and before that first use.
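
Review bot: In the paragraph under the new "Requirement" subheading, the preamble says the product should be free from "known vulnerabilities" while the normative clause covers only "known exploited vulnerabilities". Align the two terms, and consider separating the rationale ("Recognizing that ...") from the "shall" statement so the testable requirement stands on its own.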