Commit 4f649cbd authored by Valerie Aurora

Rewrite no configuration changes requirement to new format

parent 5e18180d
+10 −4
@@ -29,10 +29,16 @@ The establishment and ending of a VPN connection shall not result in functional

After the user knowingly deactivates the VPN connection, the VPN client shall restore any system configuration it has changed to a state that is functionally equivalent to the state it was in before the VPN connection began.

* Test: collect the state of all system configuration the product may alter, start the VPN connection, after it reports that it is connected, stop the VPN connection, collect the system configuration again, and compare with previous version, repeat with different system and product configurations until all the possible system configuration changes have been tested
* Result: no functional differences in system configuration
* Output: before and after system configuration, any differences, explanation of why any differences do not affect the function of the system
* Documentation: a list of all the system configuration the product may change, a list of all the different system and VPN configurations that would result in different parts of the system configuration changing
  * Reference: TR-CONF
  * Objective: Preserve integrity of system configuration
  * Preparation: List all items of system configuration that the VPN client may alter
  * Activities:
    * For each item of system configuration that the VPN client may alter, configure the VPN in a way that would alter that item.
	* Collect the state of all system configuration the product may alter.
	* Start the VPN connection. After it reports that it is connected, stop the VPN connection.
	* Collect the system configuration again and compare with previous version.
  * Verdict: All system configuration collected is functionally the same before and after the VPN connection starts and ends => PASS, otherwise FAIL
  * Evidence: Collected system configuration, annotations of any configuration changes explaining why they aren't functional, log messages from tests

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
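
Review bot: In the Activities list, the "For each item of system configuration that the VPN client may alter" step does not state that the collect, start/stop and compare steps are repeated for every such configuration, which the Test bullet spelled out with "repeat with different system and product configurations until all the possible system configuration changes have been tested". Suggest nesting the three following steps under the "For each item" step, or adding a closing step that says to repeat for each configuration. Those three steps are also indented with a tab while the first sub-item uses four spaces, so Markdown renderers may not nest them at the same level; use spaces throughout. The Verdict says "functionally the same" where the requirement text above says "functionally equivalent"; using one term in both places keeps the pass criterion unambiguous. The Documentation bullet's "list of all the different system and VPN configurations that would result in different parts of the system configuration changing" has no counterpart in Preparation or Evidence; consider adding it to Preparation so the tester knows which configurations must be covered.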