** Section 1.
Conversely, systems that cannot be attested and verified to be in a
good state can be taken out of service, or otherwise flagged for
repair.
I was a bit surprised that the reduced trust/access motivation was not directly mentioned here given that it's the underlying use case of the two examples in the next paragraph and in Section 2. I would have said something to the effect of:
NEW
Conversely, systems that cannot be attested and verified to be in a good state can be given reduced access or privileges, taken out of service, or otherwise flagged for repair.
mcr
commented
2 years ago 
henkbirkholz
commented
2 years ago