currently, policy focus on SUT requirement. server part should be listed too. eg: selinux requirement for SUT and server are different, these should be listed.