2.4.5.37
| Req No | Requirement | Compliance Class And Applicability | Primary Keyword | Secondary Keyword |
|---|---|---|---|---|
| 2.4.5.37 | The device manufacturer should ensure that shared libraries (e.g. Clib or Crypto libraries) that deliver network and security functionalities have been reviewed or evaluated (note that the actual review or evaluation does not have to be conducted by the manufacturer if it has been conducted by another reputable organisation or government entity). Cryptography libraries should be re-reviewed for known security vulnerabilities on each update of the device. | Mandatory for Class 2 and above | Business | Policy |