diff --git a/docs/csaf_checker.md b/docs/csaf_checker.md index 96bb6c7..30091e5 100644 --- a/docs/csaf_checker.md +++ b/docs/csaf_checker.md @@ -50,7 +50,7 @@ The `role` given in the `provider-metadata.json` is not yet considered to change the overall result, see https://github.com/csaf-poc/csaf_distribution/issues/221 . -If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories should be access protected. +If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories must be access protected. To check these advisories, authorization can be given via custom headers or certificates. The authorization method chosen needs to grant access to all advisories, as otherwise the checker will be unable to check the advisories it doesn't have permission for, falsifying the result.
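Review bot: The changed line in the `@@ -50,7 +50,7 @@` hunk ("then these advisories must be access protected") now states a hard requirement, but the paragraph does not say how the checker treats a violation. The context line just above it notes that `role` is "not yet considered to change the overall result", so a reader cannot tell whether an AMBER or RED advisory served without access protection is reported as an error, as a warning, or not at all. Suggest adding one sentence after the changed line that states the checker's behaviour for this case. If "must" is meant normatively, name the requirement it comes from, so that the change from "should" is justified in the document itself rather than only in the commit history. The trailing context sentence ends with "falsifying the result"; while this paragraph is being touched, it would help to say there which way the result is skewed when some advisories are not reachable with the supplied headers or certificates.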