@@ -82,10 +82,10 @@ Further information on guidance for the application of the present document is p
# 1 Scope
The present document specifies technical requirements and corresponding assessment criteria for Virtual Private Networks related to cybersecurity. The products with digital elements in scope, thereafter "VPNs":
The present document specifies technical requirements and corresponding assessment criteria for Virtual Private Networks related to cybersecurity. The products with digital elements in scope, thereafter “VPNs”:
* are specified within the "technical description" of the "category of product" number "5" by the Commission Implementing Regulation (EU) 2025/2392 [\[i.2\]](#_ref_i.2) as: "Products with digital elements that establish an encrypted logical tunnel that is constructed from the system resources of a physical or virtual network."
* are only convered within the product context described in clause 4 and the text of this clause.
* are specified within the “technical description” of the “category of product” number “5” by the Commission Implementing Regulation (EU) 2025/2392 [\[i.2\]](#_ref_i.2) as: “Products with digital elements that establish an encrypted logical tunnel that is constructed from the system resources of a physical or virtual network.”
* are only covered within the product context described in clause 4 and the text of this clause.
In particular, the present document specifies technical characteristics and methods of assessment for:
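Review bot: both the old and the new first line of the scope still read 'thereafter "VPNs"', which should be 'hereafter "VPNs"' (or 'hereinafter'): 'thereafter' refers to time, not to the remainder of the document, and the term is being introduced for the rest of the text. The 'convered' to 'covered' correction in the second bullet is the only substantive change in this hunk; the rest is a straight-to-typographic quote conversion, which is fine as long as it is applied to the whole deliverable and not only to the hunks in this patch.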
@@ -112,31 +112,31 @@ Referenced documents which are not found to be publicly available in the expecte
The following referenced documents are necessary for the application of the present document.
<spanid="_ref_1"></span><aname="_ref_1">[1]</a> [ENISA Report 1747792503](https://certification.enisa.europa.eu/document/download/a845662b-aee0-484e-9191-890c4cfa7aaa_en?filename=ECCG%20Agreed%20Cryptographic%20Mechanisms%20version%202.pdf)(version 2 - April 2025) "European Cybersecurity Certification Group Sub-group on Cryptography Agreed Cryptographic Mechanisms"
<spanid="_ref_1"></span><aname="_ref_1">[1]</a> [ENISA Report 1747792503](https://certification.enisa.europa.eu/document/download/a845662b-aee0-484e-9191-890c4cfa7aaa_en?filename=ECCG%20Agreed%20Cryptographic%20Mechanisms%20version%202.pdf)(version 2 - April 2025) “European Cybersecurity Certification Group Sub-group on Cryptography Agreed Cryptographic Mechanisms”
<spanid="_ref_2"></span><aname="_ref_2">[2]</a> CEN-CENELEC prEN 40000-1-3: "Cybersecurity requirements for products with digital elements - Vulnerability Handling"
<spanid="_ref_2"></span><aname="_ref_2">[2]</a> CEN-CENELEC prEN 40000-1-3: “Cybersecurity requirements for products with digital elements - Vulnerability Handling”
<spanid="_ref_3"></span><aname="_ref_3">[3]</a> IETF [RFC 7488](https://datatracker.ietf.org/doc/html/rfc7748): "Elliptic Curves for Security"
<spanid="_ref_3"></span><aname="_ref_3">[3]</a> IETF [RFC 7488](https://datatracker.ietf.org/doc/html/rfc7748): “Elliptic Curves for Security”
<spanid="_ref_4"></span><aname="_ref_4">[4]</a> IETF [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032): "Edwards-Curve Digital Signature Algorithm (EdDSA)"
<spanid="_ref_4"></span><aname="_ref_4">[4]</a> IETF [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032): “Edwards-Curve Digital Signature Algorithm (EdDSA)”
<spanid="_ref_5"></span><aname="_ref_5">[5]</a> NIST [FIPS 186-5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf): "Digital Signature Standard (DSS)"
<spanid="_ref_5"></span><aname="_ref_5">[5]</a> NIST [FIPS 186-5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf): “Digital Signature Standard (DSS)”
<spanid="_ref_6"></span><aname="_ref_6">[6]</a> IETF [RFC 9106](https://datatracker.ietf.org/doc/html/rfc9106): "Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications"
<spanid="_ref_6"></span><aname="_ref_6">[6]</a> IETF [RFC 9106](https://datatracker.ietf.org/doc/html/rfc9106): “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”
<spanid="_ref_7"></span><aname="_ref_7">[7]</a> BSI [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html)(2026-01): "Cryptographic Mechanisms: Recommendations and Key Lengths"
<spanid="_ref_7"></span><aname="_ref_7">[7]</a> BSI [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html)(2026-01): “Cryptographic Mechanisms: Recommendations and Key Lengths”
<spanid="_ref_8"></span><aname="_ref_8">[8]</a> IETF [RFC 7914](https://datatracker.ietf.org/doc/html/rfc7914): "The scrypt Password-Based Key Derivation Function"
<spanid="_ref_8"></span><aname="_ref_8">[8]</a> IETF [RFC 7914](https://datatracker.ietf.org/doc/html/rfc7914): “The scrypt Password-Based Key Derivation Function”
<spanid="_ref_9"></span><aname="_ref_9">[9]</a> IETF [RFC 8439](https://datatracker.ietf.org/doc/html/rfc8439): "ChaCha20 and Poly1305 for IETF Protocols"
<spanid="_ref_9"></span><aname="_ref_9">[9]</a> IETF [RFC 8439](https://datatracker.ietf.org/doc/html/rfc8439): “ChaCha20 and Poly1305 for IETF Protocols”
<spanid="_ref_10"></span><aname="_ref_10">[10]</a> IETF [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693): "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)"
<spanid="_ref_10"></span><aname="_ref_10">[10]</a> IETF [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693): “The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)”
<spanid="_ref_12"></span><aname="_ref_12">[12]</a> C2SP [BLAKE3](https://c2sp.org/BLAKE3): "The BLAKE3 Hashing Framework"
<spanid="_ref_12"></span><aname="_ref_12">[12]</a> C2SP [BLAKE3](https://c2sp.org/BLAKE3): “The BLAKE3 Hashing Framework”
<spanid="_ref_13"></span><aname="_ref_13">[13]</a> IETF [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/): "The AEGIS Family of Authenticated Encryption Algorithms"
<spanid="_ref_13"></span><aname="_ref_13">[13]</a> IETF [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/): “The AEGIS Family of Authenticated Encryption Algorithms”
## 2.2 Informative references
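Review bot: reference [3] carries the wrong RFC number in both the old and the new line: the link and the title ('Elliptic Curves for Security') are those of RFC 7748, while the text says 'RFC 7488', which is a different document; the number should read 'RFC 7748'. Two further points in this list: the numbering jumps from [10] to [12], so either an entry [11] was dropped or the remaining entries need renumbering, and [13] is cited as 'IETF [RFC-AEGIS]' although the link points to draft-irtf-cfrg-aegis-aead, an IRTF CFRG Internet-Draft, not a published RFC; a normative reference to a draft should name the draft and the version relied on (e.g. 'IRTF draft-irtf-cfrg-aegis-aead-NN'), or the entry should sit in the informative list until the document is published, because a conformance claim cannot hang on a moving target.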
@@ -144,33 +144,33 @@ References are either specific (identified by date of publication and/or edition
> NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.
The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader's understanding, but are not required for conformance to the present document.
The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader’s understanding, but are not required for conformance to the present document.
<spanid="_ref_i.1">[i.1]</span> [Regulation \(EU\) 2024/2847](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847) of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act).
<spanid="_ref_i.2">[i.2]</span> [Commission Implementing Regulation \(EU\) 2025/2392](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202502392) of 28 November 2025 on the technical description of the categories of important and critical products with digital elements pursuant to Regulation (EU) 2024/2847 of the European Parliament and of the Council.
<spanid="_ref_i.3">[i.3]</span> [Standardisation request M/606 - C\(2025\)618](https://ec.europa.eu/growth/tools-databases/enorm/mandate/606_en): "Commission Implementing decision of 3.2.2025 on a standardisation request to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (Cenelec) and the European Telecommunications Standards Institute (ETSI) as regards products with digital elements in support of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020and Directive (EU) 2020/1828 (Cyber Resilience Act)".
<spanid="_ref_i.3">[i.3]</span> [Standardisation request M/606 - C\(2025\)618](https://ec.europa.eu/growth/tools-databases/enorm/mandate/606_en): “Commission Implementing decision of 3.2.2025 on a standardisation request to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (CENELEC) and the European Telecommunications Standards Institute (ETSI) as regards products with digital elements in support of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020and Directive (EU) 2020/1828 (Cyber Resilience Act)”.
<spanid="_ref_i.4">[i.4]</span> prEN 40000-1-1: "Cybersecurity requirements for products with digital elements - Vocabulary" (Version and date to be added upon its publication by CEN CENELEC)
<spanid="_ref_i.4">[i.4]</span> prEN 40000-1-1: “Cybersecurity requirements for products with digital elements - Vocabulary” (Version and date to be added upon its publication by CEN CENELEC)
<spanid="_ref_i.5">[i.5]</span> prEN 40000-1-2: “Cybersecurity requirements for products with digital elements – Principles for cyber resilience” NOTE: Version and date to be added upon its publication by CEN CENELEC.
<spanid="_ref_i.6">[i.6]</span> prEN 40000-1-3: "Cybersecurity requirements for products with digital elements – Part 1-3: Vulnerability handling“ (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.
<spanid="_ref_i.6">[i.6]</span> prEN 40000-1-3: “Cybersecurity requirements for products with digital elements – Part 1-3: Vulnerability handling” (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.
<spanid="_ref_i.7">[i.7]</span> prEN 40000-1-4: "Cybersecurity requirements for products with digital elements – Part 1-4: Security controls – Generic security requirements” (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.
<spanid="_ref_i.7">[i.7]</span> prEN 40000-1-4: “Cybersecurity requirements for products with digital elements – Part 1-4: Security controls – Generic security requirements” (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.
<spanid="_ref_i.8">[i.8] prEN 50770 series: “Security for operational technologies” (produced by CENELEC).
<spanid="_ref_i.9">[i.9]</span> Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act). <https://eur-lex.europa.eu/eli/reg/2019/881>
<spanid="_ref_i.10">[i.10]</span> IEEE-ITSO 6100 (1.0.0): "Uptane Standard for Design and Implementation". <https://uptane.org/papers/ieee-isto-6100.1.0.0.uptane-standard.html>
<spanid="_ref_i.10">[i.10]</span> IEEE-ITSO 6100 (1.0.0): “Uptane Standard for Design and Implementation”. <https://uptane.org/papers/ieee-isto-6100.1.0.0.uptane-standard.html>
<spanid="_ref_i.11">[i.11]</span> ITU-T x.509: "Public-key and attribute certificate frameworks". <https://www.itu.int/rec/T-REC-X.509/en>
<spanid="_ref_i.11">[i.11]</span> ITU-T x.509: “Public-key and attribute certificate frameworks”. <https://www.itu.int/rec/T-REC-X.509/en>
<spanid="_ref_i.12">[i.12]</span> Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) <https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng#art_4>
<spanid="_ref_i.13">[i.13]</span> ETSI TS 104 103: "Cyber Security (CYBER); Encrypted Traffic Integration (ETI); Problem Statement review and requirements definition". <https://www.etsi.org/deliver/etsi_ts/104100_104199/104103/01.01.01_60/ts_104103v010101p.pdf>
<spanid="_ref_i.13">[i.13]</span> ETSI TS 104 103: “Cyber Security (CYBER); Encrypted Traffic Integration (ETI); Problem Statement review and requirements definition”. <https://www.etsi.org/deliver/etsi_ts/104100_104199/104103/01.01.01_60/ts_104103v010101p.pdf>
<spanid="_ref_i.14">[i.14]</span> prEN 50770 series: “Security for operational technologies” (produced by CENELEC).
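Review bot: [i.8] and [i.14] are the same entry ('prEN 50770 series: "Security for operational technologies" (produced by CENELEC)'), and the [i.8] line has no closing span tag (it reads '<spanid="_ref_i.8">[i.8] prEN 50770 series: ...' with no '</span>'), which breaks the anchor markup every other entry uses; drop one of the two and close the tag on the survivor. Also in this hunk: 'IEEE-ITSO 6100' in [i.10] should be 'IEEE-ISTO 6100', as in its own URL (ISTO is the Industry Standards and Technology Organization); 'ITU-T x.509' in [i.11] should be 'X.509'; '2019/1020and' in [i.3] still lacks a space in the new line; 'Cenelec' was corrected to 'CENELEC' in [i.3] but [i.4] to [i.7] still write 'CEN CENELEC' while the normative list writes 'CEN-CENELEC'; and prEN 40000-1-3 appears both as normative reference [2] and as informative reference [i.6], which cannot both be right, since an informative reference is by definition not required for conformance.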
@@ -184,7 +184,7 @@ For the purposes of the present document, the terms given in Regulation (EU) 202
: data centre or collection of data centres operated entirely by a third party which rents out space and time on their equipment, as well as providing services for managing infrastructure from outside networks
**cybersecurity**
: "the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats"
: “the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats”
> NOTE: See Article 2, point (1), of Regulation (EU) 2019/881 [\[i.9\]](#_ref_i.9)
@@ -192,7 +192,7 @@ For the purposes of the present document, the terms given in Regulation (EU) 202
: VPN server software which routes packets to and from their intended destination
**Personal Data**
: "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”
> NOTE: See (EU) 2016/679 General Data Protection Regulation [\[i.12\]](#_ref_i.12)
As a complete product, a Virtual Private Network includes, at minimum, VPN software capable of establishing a secure encrypted tunnel between two or more devices.
In consumer deployments, the most common stateoftheart implementation is a product that provides a secure tunnel to one or more servers—usually managed by the manufacturer as "exit nodes"—which then route traffic to its originally intended destination, typically on a public network like the Internet.
In consumer deployments, the most common state-of-the-art implementation is a product that provides a secure tunnel to one or more servers—usually managed by the manufacturer as “exit nodes”—which then route traffic to its originally intended destination, typically on a public network like the Internet.
In enterprise wide area deployments, a common stateoftheart implementation is a product with digital elements that provides a secure overlay network to one or more servers that enable routing of traffic between remote restricted-use enterprise networks.
In enterprise wide area deployments, a common state-of-the-art implementation is a product with digital elements that provides a secure overlay network to one or more servers that enable routing of traffic between remote restricted-use enterprise networks.
The product consists of any client software installed as described above as well as any functionality that processes data on manufacturer-controlled infrastructure that is required for the product to operate as expected.
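Review bot: the term 'Personal Data' is capitalised while the other term defined in this clause ('cybersecurity') is lower case, and the capitalised form reappears in 6.9.5.3 ('Label any present Personal Data as such'); pick one form for the definitions clause and use it throughout. The de-hyphenation of 'stateoftheart' is correct. Two wording points in the product description: 'a public network like the Internet' here versus 'the public internet' in the VPN gateway paragraph, and the last sentence ('any functionality that processes data on manufacturer-controlled infrastructure that is required for the product to operate as expected') leaves open whether 'required' qualifies the functionality or the infrastructure; suggest 'any manufacturer-operated functionality that processes data and without which the product cannot operate as expected', since the boundary of the product, and hence of every requirement that follows, hinges on this sentence.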
@@ -343,9 +343,9 @@ After establishing a tunnel, the VPN client changes configuration of the host de
(previously ### 4.3.3)
While Clause 4.1 establishes that any node within a VPN network may dynamically fulfill various operational roles, the terms "VPN server" and "VPN gateway" are used to describe nodes primarily dedicated to aggregation, routing, and access control.
While Clause 4.1 establishes that any node within a VPN network may dynamically fulfill various operational roles, the terms “VPN server” and “VPN gateway” are used to describe nodes primarily dedicated to aggregation, routing, and access control.
A **VPN server** is responsible for maintaining secure tunnels between multiple VPN clients and the traffic destinations the clients are requesting. It typically enforces centralized authentication, authorization, and traffic filtering policies. In decentralized or mesh VPN architectures, a "server" is not necessarily a dedicated, centralized appliance; rather, it is a logical role that any authorized peer node can assume to route traffic or act as an exit node for other peers.
A **VPN server** is responsible for maintaining secure tunnels between multiple VPN clients and the traffic destinations the clients are requesting. It typically enforces centralized authentication, authorization, and traffic filtering policies. In decentralized or mesh VPN architectures, a “server” is not necessarily a dedicated, centralized appliance; rather, it is a logical role that any authorized peer node can assume to route traffic or act as an exit node for other peers.
A **VPN gateway** specifically fulfills the gateway role, acting as the secure bridge between the restricted-use VPN network and external networks, such as a private corporate intranet or the public internet.
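Review bot: the line '(previously ### 4.3.3)' above this paragraph is an editorial marker and should not survive in the draft; if the renumbering needs tracking, record it in the editor's notes or the change history rather than in the body. 'Clause 4.1' is capitalised here whereas the scope writes 'clause 4'. On substance, the VPN server paragraph first says the server 'typically enforces centralized authentication, authorization, and traffic filtering policies' and then that in mesh architectures the role may be assumed by any authorized peer; it should state explicitly that the policy obligations travel with the role (whichever node acts as server or exit node enforces them), otherwise a reader cannot tell whether a mesh deployment is subject to the server requirements at all.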
@@ -373,7 +373,7 @@ There are various types of devices, but they all share that the firewall is mana
***Network devices**: VPN products are often deployed on network devices to tunnel traffic to remote endpoints. Such network devices (for example a router) are usually located on the edge between a private and public network and thus exposed to internal as well as external attack surfaces. A firewall is usually included by the underlying OS or hardware system for such network devices.
***Internet of Things, Consumer Gadgets and Appliances**: VPN products could be deployed on IoT devices, consumer gadgets, TVs or other appliances where the product is bound to the security model of the device hardware and operating system. The device might lack proper hardware security modules, firewall support, or enforce a relaxed security model (for example requiring the product to run as root without proper isolation between applications and users). Such devices are usually placed in private networks.
***Consumer Devices**: VPN products are often deployed on consumer devices such as tablets, computers, mobile devices or laptops of various operating systems. The product is bound to the security model of the hardware and operating system. While such devices usually support firewalls and proper user isolation, the actual security configuration of such systems depends on the security awareness of the operating administrating user and the configuration limitations of the underlying system. Consumer devices are located in private networks.
***Managed Endpoints**: Managed endpoints are professionally managed instances which are usually located on a physical or virtual server in a data center. While the firewall configuration is done by the administrating user, this user is assumed to have advanced security knowledge. Further, the server is usually located in an access restricted data center which transfers physical risk (for example memory snapshotting or injections) to the data center provider.
***Managed Endpoints**: Managed endpoints are professionally managed instances which are usually located on a physical or virtual server in a data centre. While the firewall configuration is done by the administrating user, this user is assumed to have advanced security knowledge. Further, the server is usually located in an access restricted data centre which transfers physical risk (for example memory snapshotting or injections) to the data centre provider.
Devices might be located in insecure networks, which could include one or even a combination of the following networks:
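Review bot: the four bullet lines start with '***Network devices**:', '***Internet of Things, Consumer Gadgets and Appliances**:' and so on, i.e. the list marker and the bold opening have fused with no space after '*', which most Markdown renderers will treat as emphasis rather than a bullet; should be '* **Network devices**:'. The 'data center' to 'data centre' change in the Managed Endpoints bullet matches the spelling used in the definitions, good. Wording: 'might lack proper hardware security modules' asks more of an IoT device than any such device has; the concern is hardware-backed key storage (secure element, TPM or equivalent), so say that. 'the security awareness of the operating administrating user' should be just 'the administrating user'. And 'transfers physical risk (for example memory snapshotting or injections) to the data centre provider' is an assumption rather than a fact and should be marked as one: for a virtual server the party able to snapshot memory is the hypervisor operator, which need not be the operator of the physical site.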
@@ -407,7 +407,7 @@ A VPN product runs on a node in the context of an operating system, as an applic
@@ -594,7 +594,7 @@ Once the present document is cited in the Official Journal of the European Union
**Requirement Conditionality:**
**U/C** Indicates whether the requirement is unconditionally applicable (U) or is conditional upon the manufacturer's claimed functionality of the equipment (C).
**Condition** Explains the conditions when the requirement is or is not applicable for a requirement which is classified "conditional".
**Condition** Explains the conditions when the requirement is or is not applicable for a requirement which is classified “conditional”.
Presumption of conformity stays valid only as long as a reference to the present document is maintained in the list published in the Official Journal of the European Union. Users of the present document should consult frequently the latest list published in the Official Journal of the European Union.
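Review bot: the U/C line speaks of 'the manufacturer's claimed functionality of the equipment' while the rest of the document uses 'product' or 'products with digital elements'; use the same noun, since 'equipment' reads as hardware only and a VPN product here includes client software and manufacturer-side services. Minor: 'should consult frequently the latest list' reads better as 'should frequently consult the latest list'.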
@@ -618,7 +618,7 @@ _Use technical language and focus what is relevant from a product perspective_
## B.0 Introduction
This Annex applies stateoftheart methodology to identify threats and identify & evaluate risks based on product use cases.
This Annex applies state-of-the-art methodology to identify threats and identify & evaluate risks based on product use cases.
## B.1 Assets
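Review bot: 'identify threats and identify & evaluate risks' repeats 'identify' and uses '&'; suggest 'identify threats and evaluate risks based on product use cases'. 'State-of-the-art methodology' (now correctly hyphenated) is otherwise unnamed; either reference the clause or external document that defines the method or say what it is, since an assessor has to be able to reproduce the threat and risk analysis. The italic line in the hunk header ('Use technical language and focus what is relevant from a product perspective') is a template instruction to the drafters and should be removed before the draft circulates.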
@@ -887,7 +887,7 @@ Mitigations for Impact:
### C.4.6 TH-RDOS: Denial of service on remote data processing
Attacker launches denialofservice attack on remote data processing solution.
Attacker launches denial-of-service attack on remote data processing solution.
**Table C.4.6-1: Denial of service on remote data processing**
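Review bot: the hyphenation fix is correct, but the sentence still lacks its articles and a preposition for the target: 'An attacker launches a denial-of-service attack against the remote data processing solution.' Keep the same sentence shape as the other C.4 threat descriptions so the threat table rows read consistently.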
@@ -1496,7 +1496,7 @@ _Editor's note: this table must be updated before the draft can be considered Fi
_This Annex is optional and may be referred to from the Introduction of the document to provide more information on how to implement the standard._
# Annex K (normative): Generic requirements and assessment criteria for the use of stateoftheart cryptography
# Annex K (normative): Generic requirements and assessment criteria for the use of state-of-the-art cryptography
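Review bot: the italic line 'This Annex is optional and may be referred to from the Introduction ...' sits directly above a heading marked '(normative)' and reads as if it qualified Annex K; it is template text belonging to the previous annex and should be removed, or moved into the editor's notes, before anyone reads Annex K as optional. The hyphenation fix in the heading itself is fine; the editor's note quoted in the hunk header ('this table must be updated before the draft can be considered Fi...') is a reminder that the table above still has to be updated.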
@@ -43,7 +43,7 @@ The assessment criteria for each security requirements are described in a struct
- Test environment: Describe the hardware, software, and network setup used for the assessment, including versions, topology, and any relevant dependencies.
- Preconditions: Specify any configurations, credentials, or operational states that should be established before the test (e.g. product initialized, certificates loaded, user roles created).
- Required tools: Identify the tools or software necessary to perform the assessment (e.g. vulnerability scanners, protocol fuzzers, traffic analyzers, static code analyzers, cryptographic test suites).
- Required tools: Identify the tools or software necessary to perform the assessment (e.g. vulnerability scanners, protocol fuzzers, traffic analysers, static code analysers, cryptographic test suites).
<mark>Editor's Note: Precisely reference individual tools or include an unambiguous characterization by way of tool capabilities to ensure consistent tool application. For instance, "state-of-the-art vulnerability scanner" shall instead be replaced with "vulnerability scanner that covers all CVEs, supports credentialed and non-credentialed scans, ..."</mark>
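Review bot: the editor's note's own example of an unambiguous tool characterisation, 'vulnerability scanner that covers all CVEs', is something no tool can satisfy and no assessor can verify: CVE coverage is never complete and changes daily. Characterise tools by properties that can be checked, e.g. 'uses a vulnerability database updated no more than N days before the assessment, supports credentialed and non-credentialed scans, and reports the database version with the results', and require the assessor to record tool name, version and database date under the test environment bullet so the assessment is reproducible. The 'analyzers' to 'analysers' change is consistent with the British spelling ('data centre') adopted elsewhere in this patch.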
@@ -653,7 +653,7 @@ Otherwise FAIL
#### 6.5.13.1 Objective
Prevent "rollback attacks" by rejecting previously-valid packages that contain vulnerabilities.
Prevent “rollback attacks” by rejecting previously-valid packages that contain vulnerabilities.
#### 6.5.13.2 Preparation
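Review bot: the objective still describes rollback protection too narrowly: 'rejecting previously-valid packages that contain vulnerabilities' implies the product must know which old packages are vulnerable, whereas a rollback attack works precisely because the old package is still validly signed and the product cannot tell from the package alone that it is unsafe. The check has to reject any package whose version is lower than the installed (or minimum accepted) version, regardless of whether a vulnerability in it is known. Suggest: 'Prevent "rollback attacks" by rejecting validly signed packages whose version is lower than the version currently installed, since such packages may contain vulnerabilities fixed in later versions.' Also drop the hyphen in 'previously-valid' (adverb plus adjective).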
@@ -1424,7 +1424,7 @@ Confidentiality of data
#### 6.7.15.2 Preparation
Identify all specific locations (files, databases, registries, secure enclaves) where the product stores the "Confidential Elements in Scope". Document the accepted protection method applied to each location.
Identify all specific locations (files, databases, registries, secure enclaves) where the product stores the “Confidential Elements in Scope”. Document the accepted protection method applied to each location.
#### 6.7.15.3 Activities
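Review bot: 'Document the accepted protection method applied to each location' is ambiguous: accepted by whom? If the intent is the method the product actually applies, write 'the protection method applied'; if it is the method the assessor accepts as adequate, say against which criterion (presumably the cryptographic mechanisms of Annex K). The location list '(files, databases, registries, secure enclaves)' should also name key stores and hardware-backed stores (TPM, secure element, OS keychain), since that is where confidential elements most often sit, and transient copies (swap, core dumps, logs) are a common place for them to leak; if those are out of scope for this activity, say so explicitly rather than leaving the assessor to guess.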
@@ -1701,7 +1701,7 @@ None.
#### 6.9.5.3 Activities
Gather any data stored on the VPN server, gateway or exit node during a typical hour of use or smilate usage. Label data as personal data if any.
Gather any data stored on the VPN server, gateway or exit node during a typical hour of use or simulate usage. Label any present Personal Data as such.
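Review bot: the new wording is better English but still leaves the activity unrepeatable: 'a typical hour of use' does not say what traffic or how many clients, and 'any data stored' does not say whether logs, connection metadata, DNS resolver logs, crash dumps and backups count. Suggest stating the observation window and workload as preconditions (the context line preceding this section is just 'None.') and enumerating the storage locations to inspect, then 'classify each data item against the definition of personal data in clause 3'. 'Personal Data' is capitalised here; align it with whatever form the definitions clause settles on.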