This outline applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware.

This outline describes:

a) Requirements regarding the vendor's risk management process for their product.
b) Methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware.
c) Requirements regarding the presence of security risk controls in the architecture and design of a product.

This outline does not contain requirements regarding functional testing of a product. This means this outline contains no requirements to verify that the product functions as designed. This outline does not contain requirements regarding the hardware contained in a product.