@@ -1296,13 +1296,13 @@ All sources of data processed by the product in its secure-by-default configurat
* Verdict: All sources of processed data are documented, including rationale => PASS, otherwise => FAIL
* Evidence: List of sources of data, documentation of each source of data, list of sources of data processed, connection between each discovered source of processed data to its documentation
### 5.2.X TR-AVAI: Availability
### 5.2.13 TR-AVAI: Availability
#### 5.2.X.x Requirement
#### 5.2.13.1 Requirement
The product shall protect the availability of essential and core functions.
#### 5.2.X.x MI-AVNT: Availability of network services
#### 5.2.13.2 MI-AVNT: Availability of network services
The product shall protect the availability of essential and core network services through mitigation of denial-of-service attacks.
@@ -1313,7 +1313,7 @@ The product shall protect the availability of essential and core network service
* Verdict: Every essential or core network service is documented and the mitigations are sufficient => PASS, otherwise FAIL
* Evidence: All configuration files for network services, documentation of network services and the ways to mitigate a denial-of-service attack on it, internal lists of listening ports, results of an external port scan
#### 5.2.13.2 MI-WDOG: Watchdog and self-initiated reset
#### 5.2.13.3 MI-WDOG: Watchdog and self-initiated reset
The product shall implement a mechanism to trigger an automatic reset when it detects that it is no longer able to perform its functions.
@@ -1340,13 +1340,13 @@ The product shall implement a mechanism to trigger an automatic reset when it de
> TODO: Write mitigation documenting that the operational environment must provide denial of service protection, such as an external or internal firewall, fair queueing or filtering, a proxy, etc.
### 5.2.X TR-LMAS: Minimize exposed interfaces
### 5.2.14 TR-LMAS: Minimize exposed interfaces
#### 5.2.X.x Requirement
#### 5.2.14.1 Requirement
The manufacturer shall minimize exposed interfaces in the default configuration of the product in all operating modes, including initial configuration, during initialization, while in use, while shutting down or paused, or after reset.
#### 5.2.X.x MI-JSTY: Document and justify exposed interfaces
#### 5.2.14.2 MI-JSTY: Document and justify exposed interfaces
All exposed interfaces on the product in any state that is part of its reasonably foreseeable use or misuse in its secure-by-default configuration shall be documented. Every interface shall have a documented rationale for why its exposure is necessary for the functioning of the product in its secure-by-default configuration.
@@ -1357,13 +1357,13 @@ All exposed interfaces on the product in any state that is part of its reasonabl
* Verdict: All discovered interfaces are documented, including rationale => PASS, otherwise => FAIL
* Evidence: List of types of interfaces, list of product states, documentation of each exposed interface, output of methods to list all exposed interfaces, connection between each discovered interface to its documentation
### 5.2.X TR-LOGG: Logging and monitoring
### 5.2.15 TR-LOGG: Logging and monitoring
#### 5.2.X.x Requirement
#### 5.2.15.1 Requirement
The product shall record security-relevant internal events, including but not limited to changes to configuration and access or modification of data and functions. The product shall provide an opt-out mechanism.
#### 5.2.X.x MI-LOGG: Logging
#### 5.2.15.2 MI-LOGG: Logging
The product shall record log messages indicating security-relevant internal events in an internal or external log. The log messages shall not include any confidential information such as PII, secrets, or credentials, or any information which might reasonably be expected to include such items.
