@@ -103,7 +103,7 @@ The present document explicitly VPNs used in the industrial OT domain.
This list clarifies products whose functionality might be confused with the in-scope products of the present document, but which are excluded due to their primary purpose or operational environment.
* VPNs for industrial OT domains: Products intended for use in the industrial OT (Operational Technology) domain are explicitly excluded from the present document, as their cybersecurity requirements are covered under a different standard (EN 62443-5-XX).
* Products with a VPN as a component: Products whose intended purpose is not a VPN, but which contain VPN functionality, cannot rely on the present document alone for a presumption of conformity. This may include devices like a home router with an integrated VPN client and products such as firewalls and routers. While these devices may have integrated VPN capabilities, their intended purpose is network security or traffic control, which is addressed by other standards.
* Products with a VPN as a component: Products whose intended purpose is not a VPN, but which contain VPN functionality, cannot rely on the present document for a presumption of conformity. This may include devices like a home router with an integrated VPN client and products such as firewalls and routers. While these devices may have integrated VPN capabilities, their intended purpose is network security or traffic control, which is addressed by other standards.
* VPN services without a component provided for the customer or end user. Commercial actors that provide a VPN service solely by providing users with configuration details (e.g., an OpenVPN config file) and do not provide an associated end-user client or managed hardware are not in scope.
* Unsecured network connections: the present document does not apply to software or hardware intended to link two or more networks without implementing a secure connection.
