@@ -590,7 +590,11 @@ FIXME prune this down to the most common use cases
### 4.5.1 List of risk factors
For each operating system placed on the market, the manufacturer shall develop a threat model and risk profile based on the foreseeable use of the operating system. The risk profile is derived from the intended and foreseeable use and misuse of the product. The following risk factors shall be taken into account when developing the risk profile.
The manufacturer can satisfy the technical requirements in Section 5.2 by implementing one or more mitigations to reduce the associated risk, or by transferring the risk as appropriate. The manufacturer selects which mitigation(s) to use by determining the appropriate level of each risk factor in this section, via the development of a threat model and risk profile based on the intended and foreseeable use and misuse of the operating system.
FIXME reference guidance on risk assessment when it exists.
The pre-defined Security Profiles in Section 6 list the appropriate mitigations for several common use cases.
Note: "account" refers to a user in the operating systems sense: a unique system identity associated with certain authorization and permissions. "User" refers to an entity that uses the device for some purpose. Users may have many accounts and accounts may have many users.
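Review bot: the added paragraph ("The manufacturer can satisfy the technical requirements in Section 5.2 ...") repeats the sentence before it almost verbatim: both say the risk profile is derived from "the intended and foreseeable use and misuse" via a threat model. Merge the two so the derivation is stated once, then state what the manufacturer does with the resulting risk levels. The same paragraph says risk may be "transferred ... as appropriate" without saying when transfer is not acceptable, which the FIXME in the 5.2.1 hunk of this same patch flags as unresolved; either add the constraint here or point to the place that defines it, so the two sections do not drift apart. Also, the "FIXME reference guidance on risk assessment when it exists." line and the leading "FIXME prune this down to the most common use cases" are committed into the normative text; if they are meant to ship in the draft they should be marked consistently as editor notes, otherwise resolve them before merge.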
@@ -916,13 +920,14 @@ Mitigations are how a technical requirement can be satisfied. Mitigations must b
### 5.2.1 General
This section is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following section will define which mitigations will be required, depending on a risk factor, the overall risk tolerance, and/or a use case in the following section. Risk may, where appropriate, be transferred to another component of a product or to the entity using the product and mitigated there, rather than using one of the below mitigations.
This section is a list of technical requirements necessary to satisfy the CRA essential requirements. Each technical requirement can be satisfied by one or more potential mitigations. Each mitigation may or may not be appropriate for an individual use case. The following section will define which mitigations will be required, depending on a risk factor, the overall risk tolerance, and/or a use case in the following section.
Risk may, where appropriate, be transferred to another component of a product or to the entity using the product and mitigated there, rather than using one of the below mitigations.
For now, each technical requirement includes an example threat to give context for the mitigation. This may be removed in the final version.
FIXME previous paragprah is attempting to provide context for reviewers and tell them that CRA says risks may be transferred, however it also needs to make it clear that not all risks can be transferred. More work needs to be done here.
Each mitigation is described with the following fields where necessary:
* Mitigation: brief description of the mitigation
* Test: how to test that the mitigation is implemented
* Result: what output
* Output: the warning or error message produced by the checker
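Review bot: the rewritten 5.2.1 paragraph keeps the sentence "The following section will define which mitigations will be required, depending on a risk factor, the overall risk tolerance, and/or a use case in the following section.", which names "the following section" twice in one sentence; drop the trailing "in the following section". Splitting "Risk may, where appropriate, be transferred ..." into its own paragraph is fine, but that paragraph still states transfer without any limit, and the FIXME immediately after admits that "not all risks can be transferred"; the paragraph should at least say that some requirements cannot be satisfied by transfer alone, or the FIXME should be resolved in this change. Two smaller points: "paragprah" in the FIXME is a typo for "paragraph", and the field list defines both "Result: what output" and "Output: the warning or error message produced by the checker", which overlap; clarify whether Result is the pass/fail verdict and Output the checker's message, or collapse them into one field.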