This standard explicitly excludes enterprise VPN products & services and VPNs used in the industrial OT domain.
This list clarifies products whose functionality might be confused with the in-scope products of this standard, but which are excluded due to their primary purpose or operational environment. This standard does not cover products in use in contexts other than those identified in Annex <L>.
This list clarifies products whose functionality might be confused with the in-scope products of this standard, but which are excluded due to their primary purpose or operational environment.
- Enterprise VPNs: Products with an intended purpose of providing a VPN for an organization's workforce or for connecting data centers are not in the scope of this standard, as they are covered in a separate document.
- VPNs for industrial OT domains: Products with digital elements intended for use in the industrial OT (Operational Technology) domain are explicitly excluded from this standard, as their security requirements are covered under a different standard (EN 62443-5-XX).
