This section captures attacks and mitigations that are not defined elsewhere in the standard without providing any testable requirements and metrics for evaluation. SLs 1, 2, and 3 require that the list of attacks the cryptographic module is designed to mitigate should be included in the module's supporting documents so it will be evaluated when requirements and associated tests are developed. SL4 requires that the details of the developed mitigation mechanisms and methods to test their effectiveness should be documented, too.
Additional security functions can be implemented in the PS or PL to mitigate attacks that are not currently covered by the standard. The designer is responsible for adequately documenting the attacks the module mitigates and the methods developed to test its effectiveness.