Commit 07a74bee authored by Miguel Fornés, committed by Aki Braun

Resolve "[HAS 36] 4.7 This section mixes user needs with the required VPN...

Resolve "[HAS 36] 4.7 This section mixes user needs with the required VPN setup. For instance, UC-2 describes the user nee"
parent cbfa078a
+50 −47
@@ -418,6 +418,7 @@ The following risks are delegated by the VPN product to other components within
(previously ## 4.6)

To ensure that the cybersecurity requirements address the specific threats faced by different market segments, the users of VPN products are categorized into groups based on their operational needs, level of cybersecurity expertise, and risk profiles. This categorization considers both direct end-users and integrators, and prioritizes the privacy, safety, and accessibility of the product for all individuals. These user groups directly correspond to the Use Cases (UC) detailed in Clause 4.6:

- Everyday Consumers and Vulnerable Groups (Refers to UC-1, UC-2): This group represents the general public, specifically including vulnerable populations such as children and the elderly, as well as individuals with limited cybersecurity knowledge. Their primary needs include securing personal traffic on untrusted networks and obfuscating online activity to avoid tracking. This segment requires highly accessible, secure-by-default configurations that accommodate users with disabilities who may rely on assistive technology to operate the product securely
- High-Risk Privacy Seekers (Refers to UC-3): This group represents individuals at a severe risk of targeted surveillance (e.g., privacy-conscious users operating in hostile environments). Their primary need is advanced privacy preservation to protect their personal safety, health, and human rights against capable adversaries and unsanctioned state actors.
- Small Organization Users (Refers to UC-4): This group represents users operating within smaller entities lacking dedicated, full-time network administration. Their primary need is establishing secure remote connections to necessary operational resources, heavily relying on manufacturer-managed services to prevent misconfigurations.
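
Review bot: the line "(previously ## 4.6)" at the top of this hunk reads as an editing leftover inside the clause body; the renumbering belongs in the commit message or a change log rather than in the text of the standard. The first bullet (Everyday Consumers and Vulnerable Groups) also ends without a full stop while the other two visible bullets have one, and it maps the group only to UC-1 and UC-2 although UC-6 further down names "Everyday Consumers/Enterprise Workers" as users, so either add UC-6 to this mapping or correct the UC-6 entry.
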
@@ -430,77 +431,79 @@ To ensure that the cybersecurity requirements address the specific threats faced

### 4.6.1 Introduction to Use Cases

<mark>Editor's Note: The use cases shall be defined as a combination of the product context elements described in clauses 4.1 to 4.5, clearly indicating:

- **Title** the title of the use case, following a consistent naming/ID scheme (e.g., UC-3 Internet Connection)
- **Goal** the goal of the use case (e.g., connect to the Internet)
- **Description** via subclauses or bullet points which elements from each apply (i.e., product type: ..., function: ..., users: ..., architecture: ..., operational environment: ...)
</mark>

<mark>
Editor’s Note: The standard may only be applied for those use cases listed in the standard. To ensure broad applicability, use cases should strive to cover all use cases known to standardisers, with a view to aiming for full reflection of market realities. This can be achieved by staying at a level of abstraction granular enough to serve as basis for security analysis.
</mark>

<mark>Editor’s Note: Use cases may include the case of critical infrastructure but shall refrain from an explicit link to the NIS 2 Directive.</mark>

This list of use cases is an informative resource to the manufacturer to simplify choosing a set of cybersecurity requirements. It is not an exhaustive list, and deployments may cross over more than one use.

See [\[i.3\]](#_ref_i.3) for formal definitions of micro, small, and medium-sized enterprises.

### 4.6.2 _UC-1_ Individual consumer

* Client installed on personal devices like mobile phone, portable or desktop computer
* Client communicates with exit nodes managed by manufacturer
* Securing traffic on untrusted access networks
* User may lack advanced cybersecurity knowledge
* Does not connect endpoints with other endpoints directly
*   **Goal:** Secure personal traffic on untrusted access networks; obfuscate location of origin IP.
*   **Description:**
  *   **Product type:** Software that operates as a VPN client.
  *   **Function:** Tunnels encrypted traffic to avoid tracking and eavesdropping on public or untrusted networks.
  *   **Users:** Everyday Consumers and Vulnerable Groups (as defined in 4.5).
  *   **Architecture:** Client installed on personal devices (mobile phones, portable or desktop computers) communicating with exit nodes managed by the manufacturer. Does not connect endpoints with other endpoints directly.
  *   **Operational environment:** Untrusted access networks.

### 4.6.3 _UC-2_ Privacy conscious household

* All VPN infrastructure owned, rented, or managed by the user
* Client installed on router or other network level
* Obfuscating traffic and IP to avoid tracking by ISPs, data brokers
* Does not connect endpoints with other endpoints directly
*   **Goal:** Obfuscate traffic and IP to avoid tracking by ISPs and data brokers.
*   **Description:**
  *   **Product type:** Software that operates as a VPN client (and optionally software that operates as a VPN Gateway).
  *   **Function:** Tunnels encrypted traffic to user-managed infrastructure, or to manufacturer-managed exit nodes.
  *   **Users:** Everyday Consumers (as defined in 4.5).
  *   **Architecture:** Client typically installed on a router or other network level to protect the household. The VPN infrastructure may be entirely owned, rented, or managed by the user, OR the client may communicate with exit nodes managed by the manufacturer. Does not connect endpoints with other endpoints directly.
  *   **Operational environment:** Private home networks.

### 4.6.4 _UC-3_ Journalist, activist, legal professionals

* At high risk of surveillance
* Actively circumventing observation from competitors, hackers, opponents, and unsanctioned state actors
* Does not connect endpoints with other endpoints directly
*   **Goal:** Actively circumvent observation from competitors, hackers, opponents, and unsanctioned state actors.
*   **Description:**
  *   **Product type:** Software that operates as a VPN client.
  *   **Function:** Advanced privacy preservation and surveillance evasion.
  *   **Users:** High-Risk Privacy Seekers (as defined in 4.5).
  *   **Architecture:** Client installed on personal devices. Strict endpoint isolation (does not connect endpoints with other endpoints directly).
  *   **Operational environment:** Hostile networks with high risk of surveillance.

### 4.6.5 _UC-4_ Small enterprise, small not-for-profit organization

* Limited or no full-time IT/network administration
* Seeking secure connections primarily to SaaS products
* Requires managed service for configuration and maintenance
* May connect endpoints with other endpoints directly
* Not critical for core business operations
*   **Goal:** Establish secure remote connections primarily to SaaS products and operational resources.
*   **Description:**
  *   **Product type:** VPN client and remote data processing software.
  *   **Function:** Secure connection to cloud resources with manufacturer-managed configuration.
  *   **Users:** Small Organization Users (as defined in 4.5).
  *   **Architecture:** Requires managed service for configuration and maintenance. May connect endpoints with other endpoints directly.
  *   **Operational environment:** Small enterprise networks with limited or no full-time IT/network administration. Not critical for core business operations.

### 4.6.6 _UC-5_ Large enterprise

* Full-time IT/network administration
* Connects many endpoints to private network with many hosts
* Requires managed service for configuration and maintenance
* Connects endpoints with other endpoints directly
* Critical for business operations
* Needs to inspect traffic extensively for cybersecurity
*   **Goal:** Securely connect many endpoints to a private network and inspect traffic extensively for security.
*   **Description:**
  *   **Product type:** VPN client, gateway, and server software.
  *   **Function:** Enterprise-wide secure overlay network.
  *   **Users:** Enterprise Integrators and Administrators (as defined in 4.5).
  *   **Architecture:** Requires managed service for configuration and maintenance, typically from manufacturer. Connects endpoints with other endpoints directly.
  *   **Operational environment:** Critical for business operations, managed by full-time IT/network administration.

### 4.6.7 _UC-6_ Enterprise with independent VPN infrastructure

* All enterprise users with limited technical knowledge
* Desires partial or full time remote access to enterprise network
* Accesses one or some remote networks via enterprise gateway
* Configuration managed by administrators, pushed via gateway and/or third party solution
* Device managed by administrators, including VPN client lifecycle (install, update, etc....), via dedicated tools
* Most cyberssecurity is managed by other components (gateway for network, local EDR for endpoint security, ....)
* Does not see VPN as critical for core business operations
*   **Goal:** Provide partial or full-time remote access to an enterprise network.
*   **Description:**
  *   **Product type:** VPN client, VPN server, and enterprise gateway software.
  *   **Function:** Secure remote access to one or some remote networks via an enterprise gateway.
  *   **Users:** Enterprise Integrators and Administrators (managing), Everyday Consumers/Enterprise Workers (using).
  *   **Architecture:** Configuration pushed via gateway and/or third-party solutions. Device and client lifecycle managed by administrators via dedicated tools.
  *   **Operational environment:** Most security is managed by other components (e.g., local EDR for endpoint security).

### 4.6.8 _UC-7_ Mesh Network

* Client installed on various devices, such as mobile phones, laptops, desktop computers, servers or network devices
* Connecting multiple endpoint traffic over untrusted access networks
  * Administrating user possesses some cybersecurity knowledge
  * Does connect endpoints with other endpoints directly
*   **Goal:** Connect multiple endpoint traffic over untrusted access networks without centralized routing.
*   **Description:**
  *   **Product type:** Software that operates as a node within a mesh VPN network.
  *   **Function:** Decentralized routing and tunnelling.
  *   **Users:** Enterprise Integrators and Administrators (as defined in 4.5).
  *   **Architecture:** Client installed on various devices (mobile phones, laptops, servers). Connects endpoints with other endpoints directly. Connection management operated by manufacturer.
  *   **Operational environment:** Untrusted access networks.

# 5 Technical requirements for the Products
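
Review bot: the **Users** fields in the Goal/Description blocks do not consistently use the group titles from 4.5: UC-2 says "Everyday Consumers" where the group is titled "Everyday Consumers and Vulnerable Groups", and UC-6 introduces "Enterprise Workers", which is not among the groups visible in this change. Use the exact group titles so the cross-reference resolves. Some flat bullets also have no counterpart in the structured form: for UC-6, "All enterprise users with limited technical knowledge" and "Does not see VPN as critical for core business operations"; for UC-7, "Administrating user possesses some cybersecurity knowledge". Conversely, UC-7 gains "Connection management operated by manufacturer" and "without centralized routing", neither of which appears in its bullets. Please confirm each of these is intentional. In UC-4 and UC-5, business criticality sits under **Operational environment** although it describes the use rather than the environment; consider moving it to **Goal** or stating it as its own element.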