Commit 217e85de authored by Miguel Fornés's avatar Miguel Fornés Committed by Aki Braun

[NORD 4] Added Reqs 5.2.15.4 and 5.2.15.5 regarding No-Logs and Data Persistence

parent 373172d5
+28 −0
@@ -913,6 +913,34 @@ The product shall transfer log messages indicating cybersecurity-relevant intern
> [!note]
> One type of event for which log messages must take care to not accidentally include a secret is failed password authentication attempts. Since users often type their password into the username field, including the username field in the log message may result in including a secret in the log message.

#### 5.2.15.4 MI LOGG 3: No-Logs Policy and Traffic Anonymization

The remote data processing solutions of the VPN manufacturer shall technically enforce a strict "no-logs" policy. The solutions shall ensure that no information about the user's network traffic is persistently stored; this includes Personal Data, the client's source IP, or connection metadata, such as destination IPs and other plaintext connection information (e.g., DNS queries, Ports or SNI Headers).

* Reference: TR-LOGG, TR-DMIN
* Objective: Data minimization and Confidentiality of data.
* Preparation: Gather the technical documentation detailing the logging architecture of the remote data processing solutions, and obtain administrative access to a test instance of the VPN server configured identically to the production environment
* Activities: Examine the server and routing software configuration files to verify that the logging of connection metadata and Personal Data is disabled or discarded, start a VPN connection from a client and generate network traffic, and inspect the remote server's persistent storage for the client's source IP, destination IPs, or plaintext connection information.
* Verdict: If the server configuration permits the persistent storage of user network traffic data, or if any Personal Data or connection metadata is found persistently stored on the remote data processing system after generating traffic => FAIL, otherwise => PASS.
* Evidence: Copies of the relevant server configuration files demonstrating that logging is disabled, a description of the test traffic generated, and the output of the server storage/log inspection confirming the absence of the specified data.

#### 5.2.15.5 MI LOGG 3: No data persistence or storage enabled on exit nodes

The remote data processing solutions (e.g., exit nodes) of the VPN manufacturer shall utilize an ephemeral infrastructure architecture to technically prevent the persistent storage of user data, traffic metadata, or system logs at the hardware and operating system level. Servers shall operate exclusively using volatile memory (e.g., RAM disks or NVRAM) for temporary processing and system logs, without writing to non-volatile disk-based storage. To satisfy cybersecurity monitoring requirements, any non-PII cybersecurity-relevant events shall be logged in volatile memory or securely transmitted to a remote logging system in accordance with MI-LOGG-2

* Reference: TR-LOGG, TR-DMIN
* Objective: Minimization of data compromise due to equipment compromise, Confidentiality of data
* Preparation: Obtain the technical documentation detailing the server provisioning architecture for the remote data processing solutions. Obtain administrative access to a test instance of the VPN exit node configured identically to the production environment.
* Activities: Perform steps in sequence:
    1. Examine the server's operating system configuration (e.g., filesystem table/fstab, boot parameters) to verify that all system directories (including /var/log and temporary storage) are mounted exclusively on volatile memory (RAM disks).
    2. Verify that unencrypted non-volatile swap partitions are disabled.    
    3. Generate network traffic through the test node, then power cycle (reboot) the server and inspect the storage.
* Verdict: If the server utilizes non-volatile disk-based storage for system logs, swap, or temporary processing, or if any data persists across a power cycle => FAIL, otherwise => PASS.
* Evidence: Copies of the relevant server configuration files demonstrating the use of RAM disks, and the output of the storage inspection after the power cycle.

> [!note]
> "Minimization of data compromise due to equipment compromise" is a completely NEW OBJECTIVE

### 5.2.16 TR-SCDL: Secure deletion

#### 5.2.16.1 Requirement
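Review bot: In 5.2.15.5 NVRAM is given as an example of volatile memory, but NVRAM is non-volatile by definition, so a node that kept logs there would fail the verdict of the same requirement; suggest removing it and keeping "RAM disks" as the example. In the same section, activity 2 only requires that "unencrypted non-volatile swap partitions are disabled", while the verdict fails any use of non-volatile storage for swap, so either the activity should require that all swap on non-volatile storage is disabled or the verdict should state that encrypted swap is acceptable. The heading of 5.2.15.5 reuses the identifier "MI LOGG 3" already assigned to 5.2.15.4 and needs its own identifier. Activity 1 should also say whether a read-only boot image on non-volatile storage is acceptable, since the operating system has to be loaded from somewhere even when /var/log and temporary storage are on RAM disks. Minor: the requirement text of 5.2.15.5 is missing a terminal period after "MI-LOGG-2".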