Loading EN-304-618.md +12 −22 Original line number Diff line number Diff line Loading @@ -2389,22 +2389,18 @@ purpose of this is to help identify missing technical security requirements.* | CRA requirement | Technical security requirements(s) | | --------------------------------------- | ---------------------------------- | | No known exploitable vulnerabilities | | | No known exploitable vulnerabilities | R7.1 | | Secure design, development, production | | | Secure by default configuration | | | Secure updates | | | Authentication and access control | | : mechanisms : : | Confidentiality protection | | | Integrity protection for data and | | : configuration : : | Authentication and access control mechanisms | | | Confidentiality protection |REQ-GR-CONF-001a; REQ-GR-CONF-001b;REQ-GR-CONF-001c | | Integrity protection for data and configuration | | Data minimization | | | Availability protection | | | Minimize impact on other devices or | | : services : : | Minimize impact on other devices or services | | | Limit attack surface | | | Exploit mitigation by limiting incident | | : impact : : | Exploit mitigation by limiting incident impact | | Logging and monitoring mechanisms | | | Secure deletion and data transfer | | Loading 
@@ -2412,18 +2408,12 @@ purpose of this is to help identify missing technical security requirements.* | Requirement Category | CRA Annex I Reference | Implementation Priority | | -------------------- | -------------------------- | ----------------------- | | Authentication | Part I, 1(a) - Secure by | CRITICAL | : : default : : | Encryption | Part I, 1(b) - Data | CRITICAL | : : protection : : | Access Control | Part I, 1(c) - Access | HIGH | : : control mechanisms : : | Audit Logging | Part I, 2(a) - Security | HIGH | : : event logging : : | Update Mechanism | Part I, 2(b) - Security | HIGH | : : updates : : | Vulnerability | Part II, 1 - Vulnerability | MEDIUM | : Management : handling : : | Authentication | Part I, 1(a) - Secure by default | CRITICAL | | Encryption | Part I, 1(b) - Data protection | CRITICAL | | Access Control | Part I, 1(c) - Access control mechanisms | HIGH | | Audit Logging | Part I, 2(a) - Security event logging | HIGH | | Update Mechanism | Part I, 2(b) - Security updates | HIGH | | Vulnerability Management | Part II, 1 - Vulnerability handling | MEDIUM : : # Annex C (informative): Relationship between the present document and any related ETSI standards (if any) Loading Loading
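Review bot: In the first hunk (@@ -2389,22 +2389,18 @@), the merged row `| Integrity protection for data and configuration |` has lost its second cell. The other merged rows keep an empty second cell (for example `| Authentication and access control mechanisms | |`), so this row should end `configuration | |` to keep the two-column table well-formed. In the same hunk, the Confidentiality protection row has no space after the cell pipe and uneven spacing after the semicolons (`|REQ-GR-CONF-001a; REQ-GR-CONF-001b;REQ-GR-CONF-001c |`), and the column now mixes two identifier styles (`R7.1` and `REQ-GR-CONF-...`). Use one separator convention and confirm that both identifier forms resolve to requirements defined in the document.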
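Review bot: In the second hunk (@@ -2412,18 +2408,12 @@), the new Vulnerability Management row ends at `MEDIUM` without the closing `|` and is followed by a leftover `: :` continuation marker of the kind used by the old multi-line rows, directly before the Annex C heading. Close the row as `| Vulnerability Management | Part II, 1 - Vulnerability handling | MEDIUM |` and drop the `: :` so the table terminates cleanly before the heading.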