| CR 2.1 |
Authorization enforcement |
Component |
| CR 2.1 RE1 |
Authorization enforcement for all users |
Component |
| CR 2.1 RE2 |
Permission mapping to roles |
Component |
| CR 2.1 RE3 |
Supervisor override |
Fail |
| CR 2.1 RE4 |
Dual approval |
Fail |
| CR 2.2 |
Wireless use control |
Not Applicable |
| CR 2.3 |
Use control for portable and mobile devices |
Not Applicable |
| SAR 2.4 |
Mobile code |
Component |
| SAR 2.4 RE1 |
Mobile code authenticity check |
Fail |
| EDR 2.4 |
Mobile code |
Not Applicable |
| EDR 2.4 RE1 |
Mobile code authenticity check |
Not Applicable |
| HDR 2.4 |
Mobile code |
Not Applicable |
| HDR 2.4 RE1 |
Mobile code authenticity check |
Not Applicable |
| NDR 2.4 |
Mobile code |
Not Applicable |
| NDR 2.4 RE1 |
Mobile code authenticity check |
Not Applicable |
| CR 2.5 |
Session lock |
Component |
| CR 2.6 |
Remote session termination |
Component |
| CR 2.7 |
Concurrent session control |
Fail |
| CR 2.8 |
Auditable events |
Component |
| CR 2.9 |
Audit storage capacity |
Component |
| CR 2.9 RE1 |
Warn when audit record storage capacity threshold reached |
Component |
| CR 2.10 |
Response to audit processing failures |
Component |
| CR 2.11 |
Timestamps |
Component |
| CR 2.11 RE1 |
Time synchronization |
Component |
| CR 2.11 RE2 |
Protection of time source integrity |
Component |
| CR 2.12 |
Non-repudiation |
Component |
| CR 2.12 RE1 |
Non-repudiation for all users |
Component |
| EDR 2.13 |
Use of physical diagnostic and test interfaces |
Not Applicable |
| EDR 2.13 RE1 |
Active monitoring |
Not Applicable |
| HDR 2.13 |
Use of physical diagnostic and test interfaces |
Not Applicable |
| HDR 2.13 RE1 |
Active monitoring |
Not Applicable |
| NDR 2.13 |
Use of physical diagnostic and test interfaces |
Not Applicable |
| NDR 2.13 RE1 |
Active monitoring |
Not Applicable |
