From d157a33754117506c5cc42ec12cb0f5c62f864cd Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Thu, 6 Nov 2025 18:09:00 -0800 Subject: [PATCH 01/72] stk_reqs: Add section Manufacturer Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 461ec17ce..d6d3475f8 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -22,3 +22,9 @@ From `SEBoK Wiki Glossary - stakeholder requirement Date: Mon, 10 Nov 2025 10:12:53 -0800 Subject: [PATCH 02/72] stk_reqs:mfg: Add section Engineering Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index d6d3475f8..0bbbb835b 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -27,4 +27,10 @@ From `SEBoK Wiki Glossary - stakeholder requirement Date: Mon, 10 Nov 2025 10:11:48 -0800 Subject: [PATCH 03/72] stk_reqs:mfg: Add section Marketing Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 0bbbb835b..f3808bad7 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -33,4 +33,10 @@ TITLE: Engineering [[/SECTION]] +[[SECTION]] +MID: ad475da8ced044a696830a504c80cf9c +TITLE: Marketing + +[[/SECTION]] + [[/SECTION]] From bf403bbf1ed2b3e2ca9686b78183502d545c42b7 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 07:59:22 -0800 Subject: [PATCH 04/72] stk_reqs: Add section Markets Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index f3808bad7..11bfcf13e 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -40,3 +40,9 @@ TITLE: Marketing [[/SECTION]] [[/SECTION]] + +[[SECTION]] +MID: 0e9de8b0869d4a07860ea922481da1b3 +TITLE: Markets + +[[/SECTION]] From 89fde2678a2acca476dc872fd854549786c04920 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 08:01:29 -0800 Subject: [PATCH 05/72] stk_reqs: Add section Others Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 11bfcf13e..d41c53540 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -46,3 +46,9 @@ MID: 0e9de8b0869d4a07860ea922481da1b3 TITLE: Markets [[/SECTION]] + +[[SECTION]] +MID: 23cc45fd8ca64ec3ba03e6eec4236952 +TITLE: Others + +[[/SECTION]] From 32581ee2be3b2a654e22b16642389b01c404aebd Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 07:43:13 -0800 Subject: [PATCH 06/72] stk_reqs:mfr: Released product conforms to EU CRA Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index d41c53540..5222435c5 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -37,6 +37,24 @@ TITLE: Engineering MID: ad475da8ced044a696830a504c80cf9c TITLE: Marketing +[REQUIREMENT] +MID: a76649de31a84f49ba7037db9b938f03 +UID: STKREQ-1 +STATUS: Draft +VERIFICATION: Analysis +TITLE: Released product conforms to EU CRA +STATEMENT: >>> +Where a consumer electronics product is designated for the European Union market, +the product shall be developed in conformance to the EU Cyber Resilience Act. +<<< +RATIONALE: >>> +EU regulation that comes into full enforcement on 2027 Dec 11. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 1f7a6f7c886bc9643e9bafb34f4a73192a174339 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:10:17 -0800 Subject: [PATCH 07/72] stk_reqs:mkts: Add section Regulating Authorities Signed-off-by: Gregory Shue --- .../problem_space/stakeholder_requirements/sdoc/index.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 5222435c5..3f864d94c 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -63,6 +63,12 @@ RELATIONS: MID: 0e9de8b0869d4a07860ea922481da1b3 TITLE: Markets +[[SECTION]] +MID: afe96d9bc00d4a2587fc7dfbbadff847 +TITLE: Regulating Authorities + +[[/SECTION]] + [[/SECTION]] [[SECTION]] From 559d610e064e3cca00ee9594e597d80237824687 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:16:59 -0800 Subject: [PATCH 08/72] stk_reqs:mkts:reg_auth: Add EU CRA requirement doc (stub) Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 3 +++ .../sdoc/stakeholder_requirements_eu_cra.sdoc | 14 ++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 3f864d94c..202881761 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -67,6 +67,9 @@ TITLE: Markets MID: afe96d9bc00d4a2587fc7dfbbadff847 TITLE: Regulating Authorities +[DOCUMENT_FROM_FILE] +FILE: stakeholder_requirements_eu_cra.sdoc + [[/SECTION]] [[/SECTION]] diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc new file mode 100644 index 000000000..f37b2bded --- /dev/null +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -0,0 +1,14 @@ +[DOCUMENT] +MID: 45588823124c47c184e581877e6fd6a8 +TITLE: EU Cyber Resilience Act - Requirements +OPTIONS: + ENABLE_MID: True + +[GRAMMAR] +IMPORT_FROM_FILE: @sample_stakeholder_requirements_grammar + +[TEXT] +MID: a4963063a5c0464780bc203f80caa9eb +STATEMENT: >>> +SPDX-License-Identifier: Apache-2.0 +<<< From e8ef41f221b885bde99248c0fd4c59b95c0fab06 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:25:03 -0800 Subject: [PATCH 09/72] stk_reqs:mkts:reg_auth:euCRA: Annex I section (empty) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index f37b2bded..a1ee096b3 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -12,3 +12,9 @@ MID: a4963063a5c0464780bc203f80caa9eb STATEMENT: >>> SPDX-License-Identifier: Apache-2.0 <<< + +[[SECTION]] +MID: a1f540cf6e544602a0f28aa36b9a7b28 +TITLE: Annex I - ESSENTIAL CYBERSECURITY REQUIREMENTS + +[[/SECTION]] From 13d460247834ea0a4d193c7af1960db4a0f16894 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:29:17 -0800 Subject: [PATCH 10/72] stk_reqs:mkts:reg_auth:euCRA:annexI: Part I section (empty) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index a1ee096b3..fe3596b50 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -17,4 +17,10 @@ SPDX-License-Identifier: Apache-2.0 MID: a1f540cf6e544602a0f28aa36b9a7b28 TITLE: Annex I - ESSENTIAL CYBERSECURITY REQUIREMENTS +[[SECTION]] +MID: 7c87a7315f744f06b4aaf3834b458e1c +TITLE: Part I Cybersecurity requirements relating to the properties of products with digital elements + +[[/SECTION]] + [[/SECTION]] From 0a1e37176177f73dd34bb3c4564780b6c518ab87 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:29:55 -0800 Subject: [PATCH 11/72] stk_reqs:mkts:reg_auth:euCRA:annexI: Part II section (empty) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index fe3596b50..64f10174a 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -23,4 +23,10 @@ TITLE: Part I Cybersecurity requirements relating to the properties of products [[/SECTION]] +[[SECTION]] +MID: cfdea3f5a0ef4aae92426b8aa900f20b +TITLE: Part II Vulnerability handling requirements + +[[/SECTION]] + [[/SECTION]] From 78814e8e79e47d7af60fe7ae39285c403dde2082 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:35:34 -0800 Subject: [PATCH 12/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (1) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 64f10174a..574fe027d 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -21,6 +21,23 @@ TITLE: Annex I - ESSENTIAL CYBERSECURITY REQUIREMENTS MID: 7c87a7315f744f06b4aaf3834b458e1c TITLE: Part I Cybersecurity requirements relating to the properties of products with digital elements +[REQUIREMENT] +MID: e316335ca7e1429c98cbbe667a8b82c1 +UID: STKREQ-2 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (1) +STATEMENT: >>> +Products with digital elements shall be designed, developed and produced in such a way that they ensure an appropriate level of cybersecurity based on the risks. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 90d1c28e32eed858fba7eefde36ef7cf5c4300d9 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:38:37 -0800 Subject: [PATCH 13/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 574fe027d..f06ccb730 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -38,6 +38,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: de89c152d2944c25a9078249d6f3bef0 +UID: STKREQ-3 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2a) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall be made available on the market without known exploitable vulnerabilities. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From b336d4a4d6be3964f180c8ebe7b3fb8d3ff391e8 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:40:24 -0800 Subject: [PATCH 14/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index f06ccb730..d10097435 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -55,6 +55,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 4c8123cfe30b440ba028904d69dbb291 +UID: STKREQ-4 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2b) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall be made available on the market with a secure by default configuration, unless otherwise agreed between manufacturer and business user in relation to a tailor-made product with digital elements, including the possibility to reset the product to its original state. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From dc4eda22f9e28635de79a93b849aa5e1954125d3 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:42:48 -0800 Subject: [PATCH 15/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2c) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index d10097435..8971efa8b 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -72,6 +72,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: aed3998180fb49ad8982a71121d34100 +UID: STKREQ-5 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2c) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall ensure that vulnerabilities can be addressed through security updates, including, where applicable, through automatic security updates that are installed within an appropriate timeframe enabled as a default setting, with a clear and easy-to-use opt-out mechanism, through the notification of available updates to users, and the option to temporarily postpone them. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From bf0150ceff144db7bbe7a70de005bf011a90819c Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:50:22 -0800 Subject: [PATCH 16/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2d) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 8971efa8b..e60140cb2 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -89,6 +89,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 5cb5abd48c174c7fa46c747e55df3a48 +UID: STKREQ-6 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2d) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall ensure protection from unauthorised access by appropriate control mechanisms, including but not limited to authentication, identity or access management systems, and report on possible unauthorised access. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From cb5a9726dcf8b69225c816f6d95e23dd35b5bd4c Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:51:41 -0800 Subject: [PATCH 17/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2e) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index e60140cb2..a914b6411 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -106,6 +106,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 63031f6137c4460f9e11363a4ccc046e +UID: STKREQ-7 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2e) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall protect the confidentiality of stored, transmitted or otherwise processed data, personal or other, such as by encrypting relevant data at rest or in transit by state of the art mechanisms, and by using other technical means. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From d27964886e60d1201e52d3aa68393ccabe44e673 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:53:12 -0800 Subject: [PATCH 18/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2f) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index a914b6411..c15cf4f35 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -123,6 +123,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 102c21ff4c224196ba38028f3ad62fd3 +UID: STKREQ-8 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2f) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall protect the integrity of stored, transmitted or otherwise processed data, personal or other, commands, programs and configuration against any manipulation or modification not authorised by the user, and report on corruptions. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From a7f20f31c00807d9bc84d7b4b2546f93dead5b89 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:54:50 -0800 Subject: [PATCH 19/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2g) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index c15cf4f35..9fe52f449 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -140,6 +140,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 773974ad4dd3431b8e0ca1ece3a61516 +UID: STKREQ-9 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2g) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall process only data, personal or other, that are adequate, relevant and limited to what is necessary in relation to the intended purpose of the product with digital elements (data minimisation). +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 941acc6ee64eedc0a99e03d91c70e90089a391ad Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:56:24 -0800 Subject: [PATCH 20/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2h) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 9fe52f449..7a04cf0b2 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -157,6 +157,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 75b431ee4500489b88fdb7f2400b2093 +UID: STKREQ-10 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2h) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall protect the availability of essential and basic functions, also after an incident, including through resilience and mitigation measures against denial-of-service attacks. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 7d4d8f29a399643b2f08a6be72f47a18dc5a09b4 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 12:58:07 -0800 Subject: [PATCH 21/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2i) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 7a04cf0b2..3cd16f0e1 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -174,6 +174,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: f3d88193890c40b8bd240c82218c6a70 +UID: STKREQ-11 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2i) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall minimise the negative impact by the products themselves or connected devices on the availability of services provided by other devices or networks. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 239c8991841735a88c669c60e03aae64be98dc21 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:13:46 -0800 Subject: [PATCH 22/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2j) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 3cd16f0e1..efb68474c 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -191,6 +191,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 6a90d1c2e058426499f990d7c236c8ba +UID: STKREQ-12 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2j) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall be designed, developed and produced to limit attack surfaces, including external interfaces. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From f4e9907f1489d4db053f1bed2147aa0a77a972c3 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:15:46 -0800 Subject: [PATCH 23/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2k) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index efb68474c..9a0c3bce3 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -208,6 +208,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 1c9d567ca06a4690ba86f0dcfbd96150 +UID: STKREQ-13 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2k) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall be designed, developed and produced to reduce the impact of an incident using appropriate exploitation mitigation mechanisms and techniques. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 4843c857eadbcaba80402710e6dcf2129bd512f2 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:17:18 -0800 Subject: [PATCH 24/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2l) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 9a0c3bce3..f2660aef9 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -225,6 +225,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 5538dbea82bd433bad1a63b450446879 +UID: STKREQ-14 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2l) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall provide security related information by recording and monitoring relevant internal activity, including the access to or modification of data, services or functions, with an opt-out mechanism for the user. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 337195fcb9c81f6af0fb1ebf25d333a3e77e8f78 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:18:58 -0800 Subject: [PATCH 25/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partI: req (2m) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index f2660aef9..5f091cd5a 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -242,6 +242,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 386a68f1b3ae4852b75ecc99966835fb +UID: STKREQ-15 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part I (2m) +STATEMENT: >>> +On the basis of the cybersecurity risk assessment referred to in Article 13(2) and where applicable, products with digital elements shall provide the possibility for users to securely and easily remove on a permanent basis all data and settings and, where such data can be transferred to other products or systems, ensure that this is done in a secure manner. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[SECTION]] From c82fee4e5ef433eccce5ce65bea4e86384500f8c Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:21:42 -0800 Subject: [PATCH 26/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (1) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 5f091cd5a..5f9da4a6f 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -265,6 +265,23 @@ RELATIONS: MID: cfdea3f5a0ef4aae92426b8aa900f20b TITLE: Part II Vulnerability handling requirements +[REQUIREMENT] +MID: 5869c1ee9615463eb239006cc9d010c7 +UID: STKREQ-16 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (1) +STATEMENT: >>> +Manufacturers of products with digital elements shall identify and document vulnerabilities and components contained in products with digital elements, including by drawing up a software bill of materials in a commonly used and machine-readable format covering at the very least the top-level dependencies of the products. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 22b260ac26f3e8c2635df5fbb60caeef4b3a948e Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:29:57 -0800 Subject: [PATCH 27/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (2)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 5f9da4a6f..ae330ae20 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -282,6 +282,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 2a673eedc0f14ac5819a91be8fb93d1c +UID: STKREQ-17 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (2)(a) +STATEMENT: >>> +Manufacturers of products with digital elements shall in relation to the risks posed to products with digital elements, address and remediate vulnerabilities without delay, including by providing security updates. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 9ce978a4abc6fb636765c9ffae66d694d807b615 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:32:41 -0800 Subject: [PATCH 28/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (2)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index ae330ae20..2529d4f3a 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -299,6 +299,25 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 9570218144e74d02a459f9189d5675f4 +UID: STKREQ-18 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (2)(b) +STATEMENT: >>> +Where technically feasible, Manufacturers of products with digital elements shall provide new security updates separately from functionality updates. +<<< +RATIONALE: >>> +Rephrased quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 for readability and to reduce to only one occurance of the word 'shall'. Original text is: + + [Manufacturers of products with digital elements shall:] where technically feasible, new security updates shall be provided separately from functionality updates; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From ffb2d5853f362defe6f7f841ac4f56a6be6a4783 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:34:29 -0800 Subject: [PATCH 29/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (3) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 2529d4f3a..8acb8b206 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -318,6 +318,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 20ea525b23de42ec97251389d3eb8d1d +UID: STKREQ-19 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (3) +STATEMENT: >>> +Manufacturers of products with digital elements shall apply effective and regular tests and reviews of the security of the product with digital elements. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 5e626228a0e8ee77c5dd7b87ac44bff336d0a69c Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:37:53 -0800 Subject: [PATCH 30/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (4)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 8acb8b206..1d13a6c04 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -335,6 +335,25 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 5999bd32f3954ce6bcfcfa920c89cfce +UID: STKREQ-20 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (4)(a) +STATEMENT: >>> +Once a security update has been made available, Manufacturers of products with digital elements shall share and publicly disclose information about fixed vulnerabilities, including a description of the vulnerabilities, information allowing users to identify the product with digital elements affected, the impacts of the vulnerabilities, their severity and clear and accessible information helping users to remediate the vulnerabilities. +<<< +RATIONALE: >>> +Reordered quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [Manufacturers of products with digital elements shall:] once a security update has been made available, share and publicly disclose information about fixed vulnerabilities, including a description of the vulnerabilities, information allowing users to identify the product with digital elements affected, the impacts of the vulnerabilities, their severity and clear and accessible information helping users to remediate the vulnerabilities; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From d65dfa71eb094e705e6f5159e56ca0b8a5d60547 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:45:20 -0800 Subject: [PATCH 31/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (4)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 1d13a6c04..ece03e397 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -354,6 +354,25 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 63117677fb1c40af9ea2231f8d6d6dfe +UID: STKREQ-21 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (4)(b) +STATEMENT: >>> +Where Manufacturers of products with digital elements consider the security risks of publication to outweigh the security benefits, said Manufacturers shall duly justify for this case any delay in making public information regarding a fixed vulnerability until after users have been given the possibility to apply the relevant patch. +<<< +RATIONALE: >>> +Reworded statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [Manufacturers of products with digital elements shall:] in duly justified cases, where manufacturers consider the security risks of publication to outweigh the security benefits, they may delay making public information regarding a fixed vulnerability until after users have been given the possibility to apply the relevant patch; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From cc05d27ca7a44788ac7d70cef836a05a8ee1835e Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:46:54 -0800 Subject: [PATCH 32/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (5) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index ece03e397..01a5da04b 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -373,6 +373,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: e3949ba873b646a487f3e9272f2f9d4f +UID: STKREQ-22 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (5) +STATEMENT: >>> +Manufacturers of products with digital elements shall put in place and enforce a policy on coordinated vulnerability disclosure. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 8a7c2877e23fa6f0c36f92b39429b176b6166654 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:49:08 -0800 Subject: [PATCH 33/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (6) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 01a5da04b..f90c3eec2 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -390,6 +390,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: d19ee2a5ef83478ea7709cb329bde3e3 +UID: STKREQ-23 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (6) +STATEMENT: >>> +Manufacturers of products with digital elements shall take measures to facilitate the sharing of information about potential vulnerabilities in their product with digital elements as well as in third-party components contained in that product, including by providing a contact address for the reporting of the vulnerabilities discovered in the product with digital elements. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 42e8cc68fcf361aebfce564033b094232378615f Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:51:18 -0800 Subject: [PATCH 34/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (7) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index f90c3eec2..e2f72e1d4 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -407,6 +407,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 9961a0d5f6e24aa2a254a159f36d93b4 +UID: STKREQ-24 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (7) +STATEMENT: >>> +Manufacturers of products with digital elements shall provide for mechanisms to securely distribute updates for products with digital elements to ensure that vulnerabilities are fixed or mitigated in a timely manner and, where applicable for security updates, in an automatic manner. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 0a2e0c9914e84c58d9b58bf62eb8a0163cd758bd Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:53:08 -0800 Subject: [PATCH 35/72] stk_reqs:mkts:reg_auth:euCRA:annexI:partII: req (8) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index e2f72e1d4..0f6365ecf 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -424,6 +424,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 46b5bee525b042cb8bc9df84aee633a3 +UID: STKREQ-25 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex I Part II (8) +STATEMENT: >>> +Manufacturers of products with digital elements shall ensure that, where security updates are available to address identified security issues, they are disseminated without delay and, unless otherwise agreed between a manufacturer and a business user in relation to a tailor-made product with digital elements, free of charge, accompanied by advisory messages providing users with the relevant information, including on potential action to be taken. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] [[/SECTION]] From 2916717b8d9193ed78d37877b6685631c4ddb5d8 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 13:56:15 -0800 Subject: [PATCH 36/72] stk_reqs:mkts:reg_auth:euCRA: Annex II section (empty) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 0f6365ecf..edfd789ff 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -444,3 +444,9 @@ RELATIONS: [[/SECTION]] [[/SECTION]] + +[[SECTION]] +MID: dc789251b3c3434f8860298bbca599a4 +TITLE: Annex II - INFORMATION AND INSTRUCTIONS TO THE USER + +[[/SECTION]] From dfaef9c2634980a7192560cca967cac6100602af Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:01:44 -0800 Subject: [PATCH 37/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (1)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index edfd789ff..826c8dcfe 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -449,4 +449,21 @@ RELATIONS: MID: dc789251b3c3434f8860298bbca599a4 TITLE: Annex II - INFORMATION AND INSTRUCTIONS TO THE USER +[REQUIREMENT] +MID: 230e5744173f4cc7855f74335dc2e75c +UID: STKREQ-26 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (1)(a) +STATEMENT: >>> +The product with digital elements shall be accompanied by the name, registered trade name or registered trademark of the manufacturer. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 16174322731310f9e7e7d94e07b79887fc20e66f Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:03:46 -0800 Subject: [PATCH 38/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (1)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 826c8dcfe..46901882d 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -466,4 +466,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 875167f7449b4f7ca0d63a12abc93e41 +UID: STKREQ-27 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (1)(b) +STATEMENT: >>> +The product with digital elements shall be accompanied by the postal address at which the manufacturer can be contacted. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 991107d192e9ed12da693dbe81c1cc20dcc9beb8 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:05:16 -0800 Subject: [PATCH 39/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (1)(c) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 46901882d..9fa47fe25 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -483,4 +483,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 2ddb1783ffab46c8a3c308128a516996 +UID: STKREQ-28 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (1)(c) +STATEMENT: >>> +The product with digital elements shall be accompanied by the email address or other digital contact at which the manufacturer can be contacted. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From e524426ab12094068e5b3a9c0ab13bb1a9ae2824 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:06:44 -0800 Subject: [PATCH 40/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (1)(d) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 9fa47fe25..1c637d64a 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -500,4 +500,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: afeba84ba543490b931215b0c1ac1cef +UID: STKREQ-29 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (1)(d) +STATEMENT: >>> +The product with digital elements shall be accompanied by, where available, the website at which the manufacturer can be contacted. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 1700ece1f1d97f1ab26c6253bd62145efd379503 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:08:46 -0800 Subject: [PATCH 41/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (2)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 1c637d64a..7eae5a8c7 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -517,4 +517,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: c688de2c91464628998f6a445208769f +UID: STKREQ-30 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (2)(a) +STATEMENT: >>> +The product with digital elements shall be accompanied by the single point of contact where information about vulnerabilities of the product with digital elements can be reported and received. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 8fb5e199e41763d15676eefae8fd668f558677cf Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:10:06 -0800 Subject: [PATCH 42/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (2)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 7eae5a8c7..260b38aab 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -534,4 +534,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 653b21f25d9b4bf5b5577f3938714f5e +UID: STKREQ-31 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (2)(b) +STATEMENT: >>> +The product with digital elements shall be accompanied by where the manufacturer’s policy on coordinated vulnerability disclosure can be found. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 2adcd95c6b5d8fe9713a3ffe84281d9efae0a4c1 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:11:45 -0800 Subject: [PATCH 43/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (3) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 260b38aab..eb210a020 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -551,4 +551,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 8d35bc34ac75475f8733935eb9342345 +UID: STKREQ-32 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (3) +STATEMENT: >>> +The product with digital elements shall be accompanied by name and type and any additional information enabling the unique identification of the product with digital elements. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 5e27f97c7d806ed4565a54c61ee4083807412097 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:14:45 -0800 Subject: [PATCH 44/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (4) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index eb210a020..7dc187200 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -568,4 +568,25 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 148fc117f9d641baa8d0f6b55f863ceb +UID: STKREQ-33 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (4) +STATEMENT: >>> +The product with digital elements shall be accompanied by the intended purpose of the product with digital elements, including: + +- the security environment provided by the manufacturer, +- the product’s essential functionalities, +- information about the security properties. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 1535f9c33bb35bd6ccadc1c008721e2e8236560a Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:18:14 -0800 Subject: [PATCH 45/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (5)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 7dc187200..ea7beb502 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -589,4 +589,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: d66e8801838d4a56ab48a17cdecdc6ce +UID: STKREQ-34 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (5)(a) +STATEMENT: >>> +The product with digital elements shall be accompanied by any known or foreseeable circumstance, related to the use of the product with digital elements in accordance with its intended purpose, which may lead to significant cybersecurity risks. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From a62cabd6e3abf46907b02584a58de82ae33a7f1b Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:20:06 -0800 Subject: [PATCH 46/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (5)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index ea7beb502..acdd6bd80 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -606,4 +606,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: f31b7a3e6ea74f439c8e09d755574a32 +UID: STKREQ-35 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (5)(b) +STATEMENT: >>> +The product with digital elements shall be accompanied by any known or foreseeable circumstance, related to the use of the product with digital elements under conditions of reasonably foreseeable misuse, which may lead to significant cybersecurity risks. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 41a61c4d4f5547dd58f93d19f2b4d5a22477bc08 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:21:38 -0800 Subject: [PATCH 47/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (6) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index acdd6bd80..c57e69932 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -623,4 +623,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 7ece8f236efd4dac956e154dcc4a024f +UID: STKREQ-36 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (6) +STATEMENT: >>> +The product with digital elements shall be accompanied by where applicable, the internet address at which the EU declaration of conformity can be accessed. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 7139a6312e17fa87bb789d39385ca24350a501fb Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:24:13 -0800 Subject: [PATCH 48/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (7)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index c57e69932..3a655991b 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -640,4 +640,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: db461a0876fe48d49483c055fbef9cf2 +UID: STKREQ-37 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (7)(a) +STATEMENT: >>> +The product with digital elements shall be accompanied by the type of technical security support offered by the manufacturer. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 0422f6b96033d950c9055d92253dbbd01eb28711 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:26:17 -0800 Subject: [PATCH 49/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (7)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 3a655991b..811ced0f9 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -657,4 +657,24 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 9a80316ad9cf4aa299f42b01f0bde715 +UID: STKREQ-38 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (7)(b) +STATEMENT: >>> +The product with digital elements shall be accompanied by the end-date of the support period during which users can expect: + +- vulnerabilities to be handled, +- to receive security updates. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 55128719e9423d614ef4ffb0631216c982ba0095 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:28:50 -0800 Subject: [PATCH 50/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(a) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 811ced0f9..f7ff6cb73 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -677,4 +677,22 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 280e0d2c50604be1b0db23410a301131 +UID: STKREQ-39 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(a) +STATEMENT: >>> +The product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on the necessary measures during initial commissioning and throughout the lifetime of the product with digital +elements to ensure its secure use. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 52e70ba4765a9ae724078b85df8379e083b13b5b Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:30:29 -0800 Subject: [PATCH 51/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(b) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index f7ff6cb73..60037dbc6 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -695,4 +695,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 15c221b2c9ee4780879aa356b220c055 +UID: STKREQ-40 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(b) +STATEMENT: >>> +The product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on how changes to the product with digital elements can affect the security of data. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 41c1795197a13fcda47db506c542790a77a7e4ac Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:31:43 -0800 Subject: [PATCH 52/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(c) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 60037dbc6..16682ca71 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -712,4 +712,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: c0b39436092c4fc4bf81491b4435a145 +UID: STKREQ-41 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(c) +STATEMENT: >>> +The product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on how security-relevant updates can be installed. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 25cd711843cbeea5fd69df37fad67dee32aa5952 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:33:00 -0800 Subject: [PATCH 53/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(d) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 16682ca71..bb26e657d 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -729,4 +729,22 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 7f2d817971af4fcea83a1165e3621f80 +UID: STKREQ-42 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(d) +STATEMENT: >>> +The product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on the secure decommissioning of the product with digital elements, including information on how user data can be +securely removed. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From e5579c69a3cd3d5dd80104f20756ac4ce6b07978 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:34:45 -0800 Subject: [PATCH 54/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(e) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index bb26e657d..c845abd6e 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -747,4 +747,21 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: ff1298301d734d51880e258e3cad4f2b +UID: STKREQ-43 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(e) +STATEMENT: >>> +The product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on how the default setting enabling the automatic installation of security updates, as required by Part I, point (2)(c), of Annex I, can be turned off. +<<< +RATIONALE: >>> +Direct quote from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 3c4b1e57c614b48d497205ae6318ea3141643071 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:37:49 -0800 Subject: [PATCH 55/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (8)(f) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index c845abd6e..d36e27b37 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -764,4 +764,27 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 41ff21f4646f486f89c42235425638ca +UID: STKREQ-44 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (8)(f) +STATEMENT: >>> +Where the product with digital elements is intended for integration into other products with digital elements, +the product with digital elements shall be accompanied by detailed instructions or an internet address referring to such detailed instructions and information on the information necessary for the integrator to comply with: + +- the essential cybersecurity requirements set out in Annex I, +- the documentation requirements set out in Annex VII. +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [At minimum, the product with digital elements shall be accompanied by:] [detailed instructions or an internet address referring to such detailed instructions and information on:] where the product with digital elements is intended for integration into other products with digital elements, the information necessary for the integrator to comply with the essential cybersecurity requirements set out in Annex I and the documentation requirements set out in Annex VII. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From daf59f77ac164d69a8c9b64cda75e4e73d6d808f Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:40:26 -0800 Subject: [PATCH 56/72] stk_reqs:mkts:reg_auth:euCRA:annexII: req (9) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index d36e27b37..510431af3 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -787,4 +787,24 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 3d48d95989f94259a9db036b2b71bbe8 +UID: STKREQ-45 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex II (9) +STATEMENT: >>> +Where the manufacturer of the product with digital elements decides to make available the software bill of materials to the user, +the product with digital elements shall be accompanied by information on where the software bill of materials can be accessed. +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [At minimum, the product with digital elements shall be accompanied by:] if the manufacturer decides to make available the software bill of materials to the user, information on where the software bill of materials can be accessed. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 0fad0fe8c62d7073a0932b4678a4a4aabc94a13d Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:41:42 -0800 Subject: [PATCH 57/72] stk_reqs:mkts:reg_auth:euCRA: Annex VII section (empty) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 510431af3..684acbe81 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -808,3 +808,9 @@ RELATIONS: ROLE: Refines [[/SECTION]] + +[[SECTION]] +MID: c21798598cae419981b3162ca6703efc +TITLE: Annex VII - CONTENT OF THE TECHNICAL DOCUMENTATION + +[[/SECTION]] From 172721e5f9d8fcae7b4a572bc17021209c275c42 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:47:07 -0800 Subject: [PATCH 58/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (1) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 684acbe81..eaf356064 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -813,4 +813,29 @@ RELATIONS: MID: c21798598cae419981b3162ca6703efc TITLE: Annex VII - CONTENT OF THE TECHNICAL DOCUMENTATION +[REQUIREMENT] +MID: 89d6ea0ab62f4113a131523a114d8321 +UID: STKREQ-46 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (1) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, +the technical documentation referred to in EU CRA Article 31 shall contain a general description of the product with digital elements, including: + +- the intended purpose of said product, +- versions of software affecting compliance with essential cybersecurity requirements, +- where the product with digital elements is a hardware product, photographs or illustrations showing external features, marking and internal layout, +- user information and instructions as set out in EU CRA Annex II. +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] a general description of the product with digital elements, including: (a) its intended purpose; (b) versions of software affecting compliance with essential cybersecurity requirements; (c) where the product with digital elements is a hardware product, photographs or illustrations showing external features, marking and internal layout; (d) user information and instructions as set out in Annex II; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 4a1efa83feeebad6294916246f1328680b527505 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:51:30 -0800 Subject: [PATCH 59/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (2) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index eaf356064..7a13e36f7 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -838,4 +838,27 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 0b87618a1c9e4630aa18263dad40f4e2 +UID: STKREQ-47 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (2) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain a description of the design, development and production of the product with digital elements and vulnerability handling processes, including: + +- necessary information on the design and development of the product with digital elements, including, where applicable, drawings and schemes and a description of the system architecture explaining how software components build on or feed into each other and integrate into the overall processing; +- necessary information and specifications of the vulnerability handling processes put in place by the manufacturer, including the software bill of materials, the coordinated vulnerability disclosure policy, evidence of the provision of a contact address for the reporting of the vulnerabilities and a description of the technical solutions chosen for the secure distribution of updates; +- necessary information and specifications of the production and monitoring processes of the product with digital elements and the validation of those processes; +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] a description of the design, development and production of the product with digital elements and vulnerability handling processes, including: (a) necessary information on the design and development of the product with digital elements, including, where applicable, drawings and schemes and a description of the system architecture explaining how software components build on or feed into each other and integrate into the overall processing; (b) necessary information and specifications of the vulnerability handling processes put in place by the manufacturer, including the software bill of materials, the coordinated vulnerability disclosure policy, evidence of the provision of a contact address for the reporting of the vulnerabilities and a description of the technical solutions chosen for the secure distribution of updates; (c) necessary information and specifications of the production and monitoring processes of the product with digital elements and the validation of those processes; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 9188821869d6eba03bb61b5bef1898eb4df7ca76 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:54:00 -0800 Subject: [PATCH 60/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (3) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 7a13e36f7..44ea15591 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -861,4 +861,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 0c54548e96ff4e15b1610daa5d61f305 +UID: STKREQ-48 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (3) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain an assessment of the cybersecurity risks against which the product with digital elements is designed, developed, produced, delivered and maintained pursuant to Article 13, including how the essential cybersecurity requirements set out in Part I of Annex I are applicable; +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] an assessment of the cybersecurity risks against which the product with digital elements is designed, developed, produced, delivered and maintained pursuant to Article 13, including how the essential cybersecurity requirements set out in Part I of Annex I are applicable; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 557fa26df79cb7872664493baaec3a0a086bbd85 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:55:18 -0800 Subject: [PATCH 61/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (4) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 44ea15591..06eb85f0a 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -880,4 +880,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: 760f539bda13457aa94af3465755a6b3 +UID: STKREQ-49 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (4) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain relevant information that was taken into account to determine the support period pursuant to Article 13(8) of the product with digital elements; +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] relevant information that was taken into account to determine the support period pursuant to Article 13(8) of the product with digital elements; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 688eba7c161dafeded1de49ccf054e2f7a05ba33 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 14:58:32 -0800 Subject: [PATCH 62/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (5) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 06eb85f0a..1fc6a26a3 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -899,4 +899,28 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: ca0a148bd645431f8995392332a25cf7 +UID: STKREQ-50 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (5) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain: + +- a list of the harmonised standards applied in full or in part the references of which have been published in the Official Journal of the European Union, common specifications as set out in Article 27 of this Regulation or European cybersecurity certification schemes adopted pursuant to Regulation (EU) 2019/881 pursuant to Article 27(8) of this Regulation; +- where those harmonised standards, common specifications or European cybersecurity certification schemes have not been applied, descriptions of the solutions adopted to meet the essential cybersecurity requirements set out in Parts I and II of Annex I, including a list of other relevant technical specifications applied. + +In the event of partly applied harmonised standards, common specifications or European cybersecurity certification schemes, the technical documentation shall specify the parts which have been applied; +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] a list of the harmonised standards applied in full or in part the references of which have been published in the Official Journal of the European Union, common specifications as set out in Article 27 of this Regulation or European cybersecurity certification schemes adopted pursuant to Regulation (EU) 2019/881 pursuant to Article 27(8) of this Regulation, and, where those harmonised standards, common specifications or European cybersecurity certification schemes have not been applied, descriptions of the solutions adopted to meet the essential cybersecurity requirements set out in Parts I and II of Annex I, including a list of other relevant technical specifications applied. In the event of partly applied harmonised standards, common specifications or European cybersecurity certification schemes, the technical documentation shall specify the parts which have been applied; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From e7d98104009248a74cc30402d84383dd01549f1a Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 15:00:40 -0800 Subject: [PATCH 63/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (6) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 1fc6a26a3..5c2efae95 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -923,4 +923,26 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: ab1c1414d12d43ea872e6d26dc220747 +UID: STKREQ-51 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (6) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain reports of: + +- the tests carried out to verify the conformity of the product with digital elements +- the vulnerability handling processes with the applicable essential cybersecurity requirements as set out in Parts I and II of Annex I; +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] reports of the tests carried out to verify the conformity of the product with digital elements and of the vulnerability handling processes with the applicable essential cybersecurity requirements as set out in Parts I and II of Annex I; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 759009d8498bfd79a668d68c625bbf3be0c8c6f6 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 15:02:04 -0800 Subject: [PATCH 64/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (7) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 5c2efae95..1c5d5278e 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -945,4 +945,23 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: bab31f15b52c409393edf753741639cb +UID: STKREQ-52 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (7) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, the technical documentation referred to in EU CRA Article 31 shall contain a copy of the EU declaration of conformity. +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] a copy of the EU declaration of conformity; +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 093ea74c01fd7ce2622a07d150e231ffddbe76db Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Fri, 7 Nov 2025 15:04:28 -0800 Subject: [PATCH 65/72] stk_reqs:mkts:reg_auth:euCRA:annexVII: req (8) Signed-off-by: Gregory Shue --- .../sdoc/stakeholder_requirements_eu_cra.sdoc | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc index 1c5d5278e..a0ec8316d 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/stakeholder_requirements_eu_cra.sdoc @@ -964,4 +964,24 @@ RELATIONS: VALUE: STKREQ-1 ROLE: Refines +[REQUIREMENT] +MID: d3171eee8d894eebba3f882e6babb8c0 +UID: STKREQ-53 +STATUS: Draft +VERIFICATION: Review +TITLE: EU CRA Annex VII (8) +STATEMENT: >>> +Where applicable to the relevant product with digital elements, +the technical documentation referred to in EU CRA Article 31 shall contain where applicable, the software bill of materials, further to a reasoned request from a market surveillance authority provided that it is necessary in order for that authority to be able to check compliance with the essential cybersecurity requirements set out in Annex I. +<<< +RATIONALE: >>> +Reordered statement from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847 to have the condition/trigger before the subject (following the convention of EARS). Original text is: + + [The technical documentation referred to in Article 31 shall contain at least the following information, as applicable to the relevant product with digital elements:] where applicable, the software bill of materials, further to a reasoned request from a market surveillance authority provided that it is necessary in order for that authority to be able to check compliance with the essential cybersecurity requirements set out in Annex I. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKREQ-1 + ROLE: Refines + [[/SECTION]] From 644c631f693fb7d43b8ad4b4cc7a5dfcea67af73 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 10:34:57 -0800 Subject: [PATCH 66/72] stk_reqs:mfr:engr: Follow SEBoK v2.12 Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 202881761..23c8223ac 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -31,6 +31,23 @@ TITLE: Manufacturer MID: 9d271518a6f54faca57afc4c93775c19 TITLE: Engineering +[REQUIREMENT] +MID: 5f3828c9d3954013bba2cdc4f4daa139 +UID: STKREQ-54 +STATUS: Draft +VERIFICATION: Review +TITLE: System Engineering follows SEBoK 2.12 Wiki +STATEMENT: >>> +The System shall be developed following the best practices described in the Systems Engineering Body of Knowledge (SEBoK) v2.12 Wiki. +<<< +RATIONALE: >>> +The SEBoK Wiki presents the Systems Engineering best practices without cost. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-7 + ROLE: Refines + [[/SECTION]] [[SECTION]] From cee5705ca8b99cc7b1ebe2ee2bcb279cbc32367e Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 10:44:21 -0800 Subject: [PATCH 67/72] stk_reqs:mfr:engr: Requirements written in EARS Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 23c8223ac..35f998b02 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -48,6 +48,23 @@ RELATIONS: VALUE: STKNEED-7 ROLE: Refines +[REQUIREMENT] +MID: 09d64e339d66456e8f1c375a99350a50 +UID: STKREQ-55 +STATUS: Draft +VERIFICATION: Review +TITLE: Requirements Written in EARS +STATEMENT: >>> +The System shall express requirements in the Easy Approach to Requirements Syntax (EARS). +<<< +RATIONALE: >>> +`EARS `_ is a simple syntax already used in the development of certified safety-critical regulated products. The syntax is simple enough for accurate use by non-native English speakers. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-7 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 9a6bf0251e717b980c8033efb474e789ab44d7cf Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 10:52:28 -0800 Subject: [PATCH 68/72] stk_reqs:mfr:engr: Arch Descriptions follow 4+1 Arch View Model Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 35f998b02..43295f087 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -65,6 +65,23 @@ RELATIONS: VALUE: STKNEED-7 ROLE: Refines +[REQUIREMENT] +MID: 6e3c9a40f74c45ef9bfc557559881820 +UID: STKREQ-56 +STATUS: Draft +VERIFICATION: Review +TITLE: Architectures Description Follows 4+1 View Model +STATEMENT: >>> +The System shall follow the 4+1 Architectural View Model for describing the architecture(s) within. +<<< +RATIONALE: >>> +A System Engineering best practice is to describe architecture(s) from multiple viewpoints. One of the earliest successful examples of this is the `4+1 Architectural View Model `_, which provides a high-level breakdown that maps well for describing physical products-with-digital-elements. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-7 + ROLE: Refines + [[/SECTION]] [[SECTION]] From d8665854a4621d7f9b56bff797cd6f3a37dcea25 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 11:02:37 -0800 Subject: [PATCH 69/72] stk_reqs:mfr:engr: Tech Documents captured in StrictDoc Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 43295f087..6fdc25286 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -82,6 +82,26 @@ RELATIONS: VALUE: STKNEED-7 ROLE: Refines +[REQUIREMENT] +MID: d4cc3815c4fb4d0dba80d253a276ca0c +UID: STKREQ-57 +STATUS: Draft +VERIFICATION: Review +TITLE: Technical Docs Captured in StrictDoc +STATEMENT: >>> +The System shall capture technical documentation in the open-source software tool StrictDoc. +<<< +RATIONALE: >>> +- StrictDoc is a Free Open-Source Software package. +- StrictDoc has already been used for capturing and tracing technical documentation for a space flight product. +- StrictDoc has already been selected for capturing and tracing requirements for the Linux Foundation's Zephyr Project. +- StrictDoc already has integrated the Free Open-Source Software graph generation tool MermaidUML. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-7 + ROLE: Refines + [[/SECTION]] [[SECTION]] From a50b56d80102030b24dafbafc31172bbb42072d8 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 11:11:08 -0800 Subject: [PATCH 70/72] stk_reqs:mfr:engr: StrictDoc config enables MermaidUML Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 6fdc25286..3009a15bc 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -102,6 +102,23 @@ RELATIONS: VALUE: STKNEED-7 ROLE: Refines +[REQUIREMENT] +MID: 8de2b35b281d4df190c8b5639e9cce58 +UID: STKREQ-58 +STATUS: Draft +VERIFICATION: Review +TITLE: StrictDoc configured with MermaidUML enabled +STATEMENT: >>> +The System shall configure StrictDoc such that embedded MermaidUML digrams are rendered. +<<< +RATIONALE: >>> +StrictDoc provides an experimental feature to support embedded MermaidUML diagrams. This feature enables the StrictDoc server to render the diagrams for display on the web pages. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-7 + ROLE: Refines + [[/SECTION]] [[SECTION]] From 59b2535189840cdfb5cea899f4db279a82e351f0 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 11:30:24 -0800 Subject: [PATCH 71/72] stk_reqs:mfr:engr: Arch Docs include Decision Stmts Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 3009a15bc..3765073a2 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -82,6 +82,23 @@ RELATIONS: VALUE: STKNEED-7 ROLE: Refines +[REQUIREMENT] +MID: 44502658969447bc9cfb7b2d03e2fc91 +UID: STKREQ-59 +STATUS: Draft +VERIFICATION: Review +TITLE: Architectures Description Includes Decision Statements +STATEMENT: >>> +The System shall include documentation of the architectural decisions. +<<< +RATIONALE: >>> +Engineering staff undergoes significant turnover during a product development and support lifetime. Following documented best practices minimizes the training overhead. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-8 + ROLE: Refines + [REQUIREMENT] MID: d4cc3815c4fb4d0dba80d253a276ca0c UID: STKREQ-57 From 66c8107538bc35946b6ccc4365acfa2a011b8483 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Mon, 10 Nov 2025 11:33:08 -0800 Subject: [PATCH 72/72] stk_reqs:mfr:engr: Arch Docs include Decisions Timeline Signed-off-by: Gregory Shue --- .../stakeholder_requirements/sdoc/index.sdoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc index 3765073a2..c082e2327 100644 --- a/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc +++ b/conformance/example1/content/src/problem_space/stakeholder_requirements/sdoc/index.sdoc @@ -99,6 +99,23 @@ RELATIONS: VALUE: STKNEED-8 ROLE: Refines +[REQUIREMENT] +MID: 4567facd0e8341fca6635bd7bd6e8c0f +UID: STKREQ-60 +STATUS: Draft +VERIFICATION: Review +TITLE: Architectures Description Includes Decision Timeline +STATEMENT: >>> +The System shall include documentation of the timeline of architectural decisions. +<<< +RATIONALE: >>> +Engineering staff undergoes significant turnover during a product development and support lifetime. Following documented best practices minimizes the training overhead. +<<< +RELATIONS: +- TYPE: Parent + VALUE: STKNEED-8 + ROLE: Refines + [REQUIREMENT] MID: d4cc3815c4fb4d0dba80d253a276ca0c UID: STKREQ-57