@@ -822,6 +816,145 @@ VPN encryption shall use cryptographic algorithms, keys, and parameters as descr
|----------------------|------------------------|
| all | MI-CRYPT-1, MI-CRYPT-2 |
### 5.2.15 TR-LOGG: Logging and monitoring
#### 5.2.15.1 Requirement
The product shall record security-relevant internal events, including but not limited to changes to configuration and access or modification of data and functions. The product shall provide an opt-out mechanism.
#### 5.2.15.1 MI-LOGG: Logging
The product shall record log messages indicating security-relevant internal events in an internal log or transmit them to the host system logging system. The log messages shall not include any confidential information such as PII, secrets, or credentials, or any information which might reasonably be expected to include such items.
* Reference: TR-LOGG
* Objective: Monitoring and recording security-relevant events
* Preparation: List all types of security-relevant internal events
* Activities: For each type of security-relevant internal event, trigger the event
* Verdict: For each triggered event, the log contains a message indicating the event, log message does not include any information likely to be confidential => PASS, otherwise FAIL
* Evidence: Method of triggering events, log messages with annotations
Guidance: One type of event whose log message must take care to not accidentally include a secret is failed password authentication attempts. Since people often type their password into the username field, including the username field in the log message may result in including a secret in the log message.
### 5.2.16 TR-SCDL: Secure deletion
#### 5.2.16.1 Requirement
The product shall provide a method of deleting all user data and settings and resetting the product to its secure-by-default configuration.
Guidance: Overwriting all user-writable storage or encrypting all user data and deleting the key are two secure deletion mechanisms.
#### 5.2.16.2 MI-RSET: Secure deletion via reset
The product shall reset to its secure-by-default state after a power cycle or reset command.
* Applicability: Product has the capability for the user to write data and/or settings
* Reference: TR-SCDL
* Objective: Secure deletion
* Preparation: Document every kind of stored data or setting that may be changed by the user on the product, how to store it on the product, and how to read it from the product
* Activities: For each kind of user data or setting that may be stored and changed by the user on the product, write an instance of the data or setting stored on the product that is different from the default and read it from the product; once all kinds of data have been written and read, power cycle or reset the product, and read each kind of data again
* Verdict: If any data or setting is the same for both of the reads => FAIL, otherwise => PASS
* Evidence: Record of each type of data or setting, what data or setting was written, what data or setting was returned by the first read, and what data or setting was returned by the second read, comparison of each one
#### 5.2.16.3 MI-INST: Secure deletion via reinstallation
The product shall reset to its secure-by-default state after a reinstallation that securely deletes all previous user data or settings.
* Applicability: Product has the capability for the user to write data and/or settings
* Reference: TR-SCDL
* Objective: Secure deletion
* Preparation: Document every kind of data or setting that may be stored and changed by the user on the product, how to store it on the product, and how to read it from the product
* Activities: For each kind of user data or setting that may be stored and changed by the user on the product, write an instance of the data or setting stored on the product that is different from the default and read it from the product; once all kinds of data have been written and read, reinstall the product with the secure delete option, and read the data or settings again
* Verdict: If any data or setting is the same for both of the reads => FAIL, otherwise => PASS
* Evidence: Record of each type of data or setting, what data or setting was written, what data or setting was returned by the first read, and what data or setting was returned by the second read, comparison of each one
#### 5.2.16.4 MI-DELE: Secure deletion via secure deletion function
The product shall reset to its secure-by-default state after the secure deletion function is used.
* Applicability: Product has the capability for the user to write data and/or settings
* Reference: TR-SCDL
* Objective: Secure deletion
* Preparation: Document every kind of data or setting that may be stored and changed by the user on the product, how to store it on the product, and how to read it from the product
* Activities: For each kind of user data or setting that may be stored and changed by the user on the product, write an instance of the data or setting stored on the product that is different from the default and read it from the product; once all kinds of data have been written and read, activate the secure deletion function, and read the data or settings again
* Verdict: If any data or setting is the same for both of the reads => FAIL, otherwise => PASS
* Evidence: Record of each type of data or setting, what data or setting was written, what data or setting was returned by the first read, and what data or setting was returned by the second read, comparison of each one
### 5.2.17 TR-SDTR: Secure data read and transfer
#### 5.2.17.1 Requirement
The product shall provide a method to read all data and settings from the product, and if provided, securely transfer data and settings to another product.
#### 5.2.17.2 MI-SDRF: Secure data read from product
The product shall provide a method by which an authorized user can securely read all data and settings from the product.
* Applicability: Product has the capability for the user to write data and/or settings
* Reference: TR-SDTR
* Objective: Secure data read
* Preparation: List all data and settings
* Activities: For each kind of data or setting, read the data or setting as an authorized user, then attempt read the data or setting as an unauthorized user, if any exists
* Verdict: All data and settings can be read by the authorized user, and no data or setting can be read by an unauthorized user => PASS, otherwise FAIL
* Evidence: List of data and settings, log message showing success or failure of each read by the authorized user and, if applicable, the unauthorized user
#### 5.2.17.3 MI-SDTR: Secure data transfer to another product
If the product provides a method to transfer data and settings to another product, it shall do so securely.
* Applicability: Product has the capability for the user to write data and/or settings and to transfer them to another product.
* Reference: TR-SDTR
* Objective: Secure data transfer
* Preparation: Prepare methods by which an unauthorized user could read the data during transfer as outlined in the risk assessment
* Activities: Read the data or settings, initiate the data transfer, attempt to read or alter the transferred data and settings as an unauthorized user, read the new data and settings on the target product
* Verdict: No data or settings could be read or altered by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS, otherwise FAIL
* Evidence: List of data and settings, log messages from the attempts to read or alter data as the unauthorized user, data and settings as read from the source product and as read from the target product, comparison explaining technical reasons for any differences in the two versions
### 5.2.18 TR-VULH: Vulnerability handling
#### 5.2.18.1 Requirement
The product shall have vulnerability handling processes compliant with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\".
#### 5.2.18.2 MI-VULH: Vulnerability handling
The product shall have vulnerability handling processes compliant with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\".
* Applicability: (for requirements that depend on a feature)
* Reference: TR-VULH
* Objective: Vulnerability handling
* Activities: Review documentation associated with vulnerability handling.
* Verdict: Vulnerability handling documentation is compliant with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\" => PASS, otherwise FAIL
* Evidence: Vulnerability handling documentation, comparison with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\"
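Review bot: In 5.2.15, TR-LOGG ends with "The product shall provide an opt-out mechanism", but MI-LOGG has no activity or verdict that exercises it, and the sentence does not say what is opted out of (all logging, or only transmission to the host system logging system). State the scope and add a test step for it, or move the sentence to guidance. The MI-LOGG heading also reuses the number 5.2.15.1 and should be 5.2.15.2. In MI-RSET the normative sentence says the product resets to its secure-by-default state "after a power cycle or reset command", which as written means every power cycle discards user settings; if a factory reset is intended, say so and align the Activities line. The verdicts in MI-RSET, MI-INST and MI-DELE only compare two reads made through the product's own read method, so they cannot distinguish data that was overwritten or had its key deleted (the two mechanisms named in the TR-SCDL guidance) from data that is merely no longer returned. Consider requiring that the second read return the documented default and that the deletion mechanism be recorded as evidence. MI-VULH still carries the template placeholder "Applicability: (for requirements that depend on a feature)" and has no Preparation line. Typos: "attempt read" in the MI-SDRF activities and "an an unauthorized user" in the MI-SDTR verdict.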