Unverified Commit 8ae20df1 authored by Aki Braun

Spellcheck, formatting

parent 76ffe48f
+37 −37
@@ -82,10 +82,10 @@ Further information on guidance for the application of the present document is p

# 1 Scope

The present document specifies technical requirements and corresponding assessment criteria for Virtual Private Networks related to cybersecurity. The products with digital elements in scope, thereafter "VPNs":
The present document specifies technical requirements and corresponding assessment criteria for Virtual Private Networks related to cybersecurity. The products with digital elements in scope, thereafter VPNs:

* are specified within the "technical description" of the "category of product" number "5" by the Commission Implementing Regulation (EU) 2025/2392 [\[i.2\]](#_ref_i.2) as: "Products with digital elements that establish an encrypted logical tunnel that is constructed from the system resources of a physical or virtual network."
* are only convered within the product context described in clause 4 and the text of this clause.
* are specified within the technical description of the category of product number “5” by the Commission Implementing Regulation (EU) 2025/2392 [\[i.2\]](#_ref_i.2) as: Products with digital elements that establish an encrypted logical tunnel that is constructed from the system resources of a physical or virtual network.
* are only covered within the product context described in clause 4 and the text of this clause.

In particular, the present document specifies technical characteristics and methods of assessment for:

@@ -112,31 +112,31 @@ Referenced documents which are not found to be publicly available in the expecte

The following referenced documents are necessary for the application of the present document.

<span id="_ref_1"></span><a name="_ref_1">[1]</a> [ENISA Report 1747792503](https://certification.enisa.europa.eu/document/download/a845662b-aee0-484e-9191-890c4cfa7aaa_en?filename=ECCG%20Agreed%20Cryptographic%20Mechanisms%20version%202.pdf) (version 2 - April 2025) "European Cybersecurity Certification Group Sub-group on Cryptography Agreed Cryptographic Mechanisms"
<span id="_ref_1"></span><a name="_ref_1">[1]</a> [ENISA Report 1747792503](https://certification.enisa.europa.eu/document/download/a845662b-aee0-484e-9191-890c4cfa7aaa_en?filename=ECCG%20Agreed%20Cryptographic%20Mechanisms%20version%202.pdf) (version 2 - April 2025) European Cybersecurity Certification Group Sub-group on Cryptography Agreed Cryptographic Mechanisms

<span id="_ref_2"></span><a name="_ref_2">[2]</a> CEN-CENELEC prEN 40000-1-3: "Cybersecurity requirements for products with digital elements - Vulnerability Handling"
<span id="_ref_2"></span><a name="_ref_2">[2]</a> CEN-CENELEC prEN 40000-1-3: Cybersecurity requirements for products with digital elements - Vulnerability Handling

<span id="_ref_3"></span><a name="_ref_3">[3]</a> IETF [RFC 7488](https://datatracker.ietf.org/doc/html/rfc7748): "Elliptic Curves for Security"
<span id="_ref_3"></span><a name="_ref_3">[3]</a> IETF [RFC 7488](https://datatracker.ietf.org/doc/html/rfc7748): Elliptic Curves for Security

<span id="_ref_4"></span><a name="_ref_4">[4]</a> IETF [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032): "Edwards-Curve Digital Signature Algorithm (EdDSA)"
<span id="_ref_4"></span><a name="_ref_4">[4]</a> IETF [RFC 8032](https://datatracker.ietf.org/doc/html/rfc8032): Edwards-Curve Digital Signature Algorithm (EdDSA)

<span id="_ref_5"></span><a name="_ref_5">[5]</a> NIST [FIPS 186-5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf): "Digital Signature Standard (DSS)"
<span id="_ref_5"></span><a name="_ref_5">[5]</a> NIST [FIPS 186-5](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf): Digital Signature Standard (DSS)

<span id="_ref_6"></span><a name="_ref_6">[6]</a> IETF [RFC 9106](https://datatracker.ietf.org/doc/html/rfc9106): "Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications"
<span id="_ref_6"></span><a name="_ref_6">[6]</a> IETF [RFC 9106](https://datatracker.ietf.org/doc/html/rfc9106): Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications

<span id="_ref_7"></span><a name="_ref_7">[7]</a> BSI [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html) (2026-01): "Cryptographic Mechanisms: Recommendations and Key Lengths"
<span id="_ref_7"></span><a name="_ref_7">[7]</a> BSI [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html) (2026-01): Cryptographic Mechanisms: Recommendations and Key Lengths

<span id="_ref_8"></span><a name="_ref_8">[8]</a> IETF [RFC 7914](https://datatracker.ietf.org/doc/html/rfc7914): "The scrypt Password-Based Key Derivation Function"
<span id="_ref_8"></span><a name="_ref_8">[8]</a> IETF [RFC 7914](https://datatracker.ietf.org/doc/html/rfc7914): The scrypt Password-Based Key Derivation Function

<span id="_ref_9"></span><a name="_ref_9">[9]</a> IETF [RFC 8439](https://datatracker.ietf.org/doc/html/rfc8439): "ChaCha20 and Poly1305 for IETF Protocols"
<span id="_ref_9"></span><a name="_ref_9">[9]</a> IETF [RFC 8439](https://datatracker.ietf.org/doc/html/rfc8439): ChaCha20 and Poly1305 for IETF Protocols

<span id="_ref_10"></span><a name="_ref_10">[10]</a> IETF [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693): "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)"
<span id="_ref_10"></span><a name="_ref_10">[10]</a> IETF [RFC 7693](https://datatracker.ietf.org/doc/html/rfc7693): The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)

<span id="_ref_11"></span><a name="_ref_11">[11]</a> IETF [RFC 4418](https://datatracker.ietf.org/doc/html/rfc4418): "UMAC: Message Authentication Code using Universal Hashing"
<span id="_ref_11"></span><a name="_ref_11">[11]</a> IETF [RFC 4418](https://datatracker.ietf.org/doc/html/rfc4418): UMAC: Message Authentication Code using Universal Hashing

<span id="_ref_12"></span><a name="_ref_12">[12]</a> C2SP [BLAKE3](https://c2sp.org/BLAKE3): "The BLAKE3 Hashing Framework"
<span id="_ref_12"></span><a name="_ref_12">[12]</a> C2SP [BLAKE3](https://c2sp.org/BLAKE3): The BLAKE3 Hashing Framework

<span id="_ref_13"></span><a name="_ref_13">[13]</a> IETF [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/): "The AEGIS Family of Authenticated Encryption Algorithms" 
<span id="_ref_13"></span><a name="_ref_13">[13]</a> IETF [RFC-AEGIS](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead/): The AEGIS Family of Authenticated Encryption Algorithms

## 2.2 Informative references

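Review bot: reference [3] is labelled RFC 7488 but its link and title (Elliptic Curves for Security) belong to RFC 7748; the number should be corrected while this line is being touched. Reference [13] is labelled IETF RFC-AEGIS although it links to draft-irtf-cfrg-aegis-aead, which is an Internet-Draft, so a normative reference should name the draft and its version rather than imply a published RFC. Dropping the quotation marks from every title is a style choice, but the ETSI Drafting Rules put reference titles in quotation marks, so check the house style before removing them throughout the normative reference list.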
@@ -144,33 +144,33 @@ References are either specific (identified by date of publication and/or edition

> NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader's understanding, but are not required for conformance to the present document.
The following referenced documents may be useful in implementing an ETSI deliverable or add to the readers understanding, but are not required for conformance to the present document.

<span id="_ref_i.1">[i.1]</span> [Regulation \(EU\) 2024/2847](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202402847) of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act).

<span id="_ref_i.2">[i.2]</span> [Commission Implementing Regulation \(EU\) 2025/2392](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202502392) of 28 November 2025 on the technical description of the categories of important and critical products with digital elements pursuant to Regulation (EU) 2024/2847 of the European Parliament and of the Council.

<span id="_ref_i.3">[i.3]</span> [Standardisation request M/606 - C\(2025\)618](https://ec.europa.eu/growth/tools-databases/enorm/mandate/606_en): "Commission Implementing decision of 3.2.2025 on a standardisation request to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (Cenelec) and the European Telecommunications Standards Institute (ETSI) as regards products with digital elements in support of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020and Directive (EU) 2020/1828 (Cyber Resilience Act)".
<span id="_ref_i.3">[i.3]</span> [Standardisation request M/606 - C\(2025\)618](https://ec.europa.eu/growth/tools-databases/enorm/mandate/606_en): Commission Implementing decision of 3.2.2025 on a standardisation request to the European Committee for Standardisation (CEN), the European Committee for Electrotechnical Standardisation (CENELEC) and the European Telecommunications Standards Institute (ETSI) as regards products with digital elements in support of Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020and Directive (EU) 2020/1828 (Cyber Resilience Act).

<span id="_ref_i.4">[i.4]</span> prEN 40000-1-1: "Cybersecurity requirements for products with digital elements - Vocabulary" (Version and date to be added upon its publication by CEN CENELEC)
<span id="_ref_i.4">[i.4]</span> prEN 40000-1-1: Cybersecurity requirements for products with digital elements - Vocabulary (Version and date to be added upon its publication by CEN CENELEC)

<span id="_ref_i.5">[i.5]</span> prEN 40000-1-2: “Cybersecurity requirements for products with digital elements – Principles for cyber resilience” NOTE: Version and date to be added upon its publication by CEN CENELEC.

<span id="_ref_i.6">[i.6]</span> prEN 40000-1-3: "Cybersecurity requirements for products with digital elements – Part 1-3: Vulnerability handling (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.
<span id="_ref_i.6">[i.6]</span> prEN 40000-1-3: Cybersecurity requirements for products with digital elements – Part 1-3: Vulnerability handling (produced by CEN CENELEC). NOTE: Version and date to be added upon its publication by CEN CENELEC.

<span id="_ref_i.7">[i.7]</span> prEN 40000-1-4: "Cybersecurity requirements for products with digital elements – Part 1-4:  Security controls – Generic security requirements” (produced by CEN CENELEC).  NOTE: Version and date to be added upon its publication by CEN CENELEC.
<span id="_ref_i.7">[i.7]</span> prEN 40000-1-4: Cybersecurity requirements for products with digital elements – Part 1-4:  Security controls – Generic security requirements” (produced by CEN CENELEC).  NOTE: Version and date to be added upon its publication by CEN CENELEC.

<span id="_ref_i.8">[i.8] prEN 50770 series: “Security for operational technologies” (produced by CENELEC).

<span id="_ref_i.9">[i.9]</span> Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act). <https://eur-lex.europa.eu/eli/reg/2019/881>

<span id="_ref_i.10">[i.10]</span> IEEE-ITSO 6100 (1.0.0): "Uptane Standard for Design and Implementation". <https://uptane.org/papers/ieee-isto-6100.1.0.0.uptane-standard.html>
<span id="_ref_i.10">[i.10]</span> IEEE-ITSO 6100 (1.0.0): Uptane Standard for Design and Implementation. <https://uptane.org/papers/ieee-isto-6100.1.0.0.uptane-standard.html>

<span id="_ref_i.11">[i.11]</span> ITU-T x.509: "Public-key and attribute certificate frameworks". <https://www.itu.int/rec/T-REC-X.509/en>
<span id="_ref_i.11">[i.11]</span> ITU-T x.509: Public-key and attribute certificate frameworks. <https://www.itu.int/rec/T-REC-X.509/en>

<span id="_ref_i.12">[i.12]</span> Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) <https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng#art_4>

<span id="_ref_i.13">[i.13]</span> ETSI TS 104 103: "Cyber Security (CYBER); Encrypted Traffic Integration (ETI); Problem Statement review and requirements definition". <https://www.etsi.org/deliver/etsi_ts/104100_104199/104103/01.01.01_60/ts_104103v010101p.pdf>
<span id="_ref_i.13">[i.13]</span> ETSI TS 104 103: Cyber Security (CYBER); Encrypted Traffic Integration (ETI); Problem Statement review and requirements definition. <https://www.etsi.org/deliver/etsi_ts/104100_104199/104103/01.01.01_60/ts_104103v010101p.pdf>

<span id="_ref_i.14">[i.14]</span>  prEN 50770 series: “Security for operational technologies” (produced by CENELEC).

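Review bot: the change from "reader's understanding" to "readers understanding" removes a required possessive apostrophe and should be reverted. Also visible in this hunk: [i.3] still has the missing space in "2019/1020and"; the [i.7] line keeps a dangling closing quote after "Generic security requirements" once its opening quote is removed; the [i.8] span is never closed (`<span id="_ref_i.8">[i.8]` with no `</span>`); [i.8] and [i.14] are the same prEN 50770 entry listed twice; [i.10] reads IEEE-ITSO while the URL says ieee-isto; and [i.11] should be X.509 with a capital X.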
@@ -184,7 +184,7 @@ For the purposes of the present document, the terms given in Regulation (EU) 202
: data centre or collection of data centres operated entirely by a third party which rents out space and time on their equipment, as well as providing services for managing infrastructure from outside networks

**cybersecurity**
: "the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats"
: the activities necessary to protect network and information systems, the users of such systems, and other persons affected by cyber threats

> NOTE: See Article 2, point (1), of Regulation (EU) 2019/881 [\[i.9\]](#_ref_i.9) 

@@ -192,7 +192,7 @@ For the purposes of the present document, the terms given in Regulation (EU) 202
: VPN server software which routes packets to and from their intended destination

**Personal Data**
: "any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

> NOTE: See (EU) 2016/679 General Data Protection Regulation [\[i.12\]](#_ref_i.12)

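Review bot: with the quotation marks gone, the Personal Data definition now ends in a stray semicolon carried over from the GDPR article text; end it with a full stop, and decide whether the inner curly quotes around ‘data subject’ should likewise become straight quotes. The same applies to the cybersecurity definition in the previous hunk, which is a verbatim quotation of Regulation (EU) 2019/881 and loses its quote marks here while the NOTE still cites the article.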
@@ -319,9 +319,9 @@ During reasonably foreseeable use, VPN nodes may:

As a complete product, a Virtual Private Network includes, at minimum, VPN software capable of establishing a secure encrypted tunnel between two or more devices.

In consumer deployments, the most common state of the art implementation is a product that provides a secure tunnel to one or more servers—usually managed by the manufacturer as "exit nodes"—which then route traffic to its originally intended destination, typically on a public network like the Internet.
In consumer deployments, the most common state-of-the-art implementation is a product that provides a secure tunnel to one or more servers—usually managed by the manufacturer as exit nodes—which then route traffic to its originally intended destination, typically on a public network like the Internet.

In enterprise wide area deployments, a common state of the art implementation is a product with digital elements that provides a secure overlay network to one or more servers that enable routing of traffic between remote restricted-use enterprise networks.
In enterprise wide area deployments, a common state-of-the-art implementation is a product with digital elements that provides a secure overlay network to one or more servers that enable routing of traffic between remote restricted-use enterprise networks.

The product consists of any client software installed as described above as well as any functionality that processes data on manufacturer-controlled infrastructure that is required for the product to operate as expected.

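Review bot: for consistency with the state-of-the-art hyphenation introduced here, "enterprise wide area deployments" should read "enterprise wide-area deployments", since wide-area is likewise a compound modifier.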
@@ -343,9 +343,9 @@ After establishing a tunnel, the VPN client changes configuration of the host de

(previously ### 4.3.3)

While Clause 4.1 establishes that any node within a VPN network may dynamically fulfill various operational roles, the terms "VPN server" and "VPN gateway" are used to describe nodes primarily dedicated to aggregation, routing, and access control.
While Clause 4.1 establishes that any node within a VPN network may dynamically fulfill various operational roles, the terms VPN server and VPN gateway are used to describe nodes primarily dedicated to aggregation, routing, and access control.

A **VPN server** is responsible for maintaining secure tunnels between multiple VPN clients and the traffic destinations the clients are requesting. It typically enforces centralized authentication, authorization, and traffic filtering policies. In decentralized or mesh VPN architectures, a "server" is not necessarily a dedicated, centralized appliance; rather, it is a logical role that any authorized peer node can assume to route traffic or act as an exit node for other peers.
A **VPN server** is responsible for maintaining secure tunnels between multiple VPN clients and the traffic destinations the clients are requesting. It typically enforces centralized authentication, authorization, and traffic filtering policies. In decentralized or mesh VPN architectures, a server is not necessarily a dedicated, centralized appliance; rather, it is a logical role that any authorized peer node can assume to route traffic or act as an exit node for other peers.

A **VPN gateway** specifically fulfills the gateway role, acting as the secure bridge between the restricted-use VPN network and external networks, such as a private corporate intranet or the public internet.

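Review bot: VPN server and VPN gateway are the terms being introduced in this paragraph, and the following two paragraphs bold them at their definitions; rather than dropping the quotation marks outright, bold them or keep the quotes so the mention is distinguishable from ordinary use (the same goes for "server" in the mesh sentence). Two further things visible here: the context line "(previously ### 4.3.3)" is editorial residue that must not survive into the published text, and "fulfill" is US spelling while the next hunk switches to UK "data centre", so one spelling convention should be chosen for the file.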
@@ -373,7 +373,7 @@ There are various types of devices, but they all share that the firewall is mana
* **Network devices**: VPN products are often deployed on network devices to tunnel traffic to remote endpoints. Such network devices (for example a router) are usually located on the edge between a private and public network and thus exposed to internal as well as external attack surfaces. A firewall is usually included by the underlying OS or hardware system for such network devices.
* **Internet of Things, Consumer Gadgets and Appliances**: VPN products could be deployed on IoT devices, consumer gadgets, TVs or other appliances where the product is bound to the security model of the device hardware and operating system. The device might lack proper hardware security modules, firewall support, or enforce a relaxed security model (for example requiring the product to run as root without proper isolation between applications and users). Such devices are usually placed in private networks.
* **Consumer Devices**: VPN products are often deployed on consumer devices such as tablets, computers, mobile devices or laptops of various operating systems. The product is bound to the security model of the hardware and operating system. While such devices usually support firewalls and proper user isolation, the actual security configuration of such systems depends on the security awareness of the operating administrating user and the configuration limitations of the underlying system. Consumer devices are located in private networks. 
* **Managed Endpoints**: Managed endpoints are professionally managed instances which are usually located on a physical or virtual server in a data center. While the firewall configuration is done by the administrating user, this user is assumed to have advanced security knowledge. Further, the server is usually located in an access restricted data center which transfers physical risk (for example memory snapshotting or injections) to the data center provider. 
* **Managed Endpoints**: Managed endpoints are professionally managed instances which are usually located on a physical or virtual server in a data centre. While the firewall configuration is done by the administrating user, this user is assumed to have advanced security knowledge. Further, the server is usually located in an access restricted data centre which transfers physical risk (for example memory snapshotting or injections) to the data centre provider. 


Devices might be located in insecure networks, which could include one or even a combination of the following networks: 
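Review bot: "access restricted data centre" should be "access-restricted data centre" (compound modifier) now that this line is being edited for spelling, and the Managed Endpoints bullets carry trailing whitespace. The Consumer Devices bullet in the unchanged context reads "the operating administrating user", which looks like a leftover from two drafts and should be either "operating" or "administrating".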
@@ -407,7 +407,7 @@ A VPN product runs on a node in the context of an operating system, as an applic
* Encryption
* Application support
* Packet filtering
* Denial of service protection
* Denial-of-service protection
* Software installation and update
* Payload traffic validation [\[i.13\]](#_ref_i.13)

@@ -594,7 +594,7 @@ Once the present document is cited in the Official Journal of the European Union
**Requirement Conditionality:**

**U/C** Indicates whether the requirement is unconditionally applicable (U) or is conditional upon the manufacturer's claimed functionality of the equipment (C).  
**Condition** Explains the conditions when the requirement is or is not applicable for a requirement which is classified "conditional".  
**Condition** Explains the conditions when the requirement is or is not applicable for a requirement which is classified conditional.  

Presumption of conformity stays valid only as long as a reference to the present document is maintained in the list published in the Official Journal of the European Union. Users of the present document should consult frequently the latest list published in the Official Journal of the European Union.

@@ -618,7 +618,7 @@ _Use technical language and focus what is relevant from a product perspective_

## B.0 Introduction

This Annex applies state of the art methodology to identify threats and identify & evaluate risks based on product use cases.
This Annex applies state-of-the-art methodology to identify threats and identify & evaluate risks based on product use cases.

## B.1 Assets

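Review bot: "identify threats and identify & evaluate risks" repeats "identify" and uses an ampersand in normative text; "identify threats and identify and evaluate risks" or simply "identify threats and evaluate risks" reads cleaner.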
@@ -887,7 +887,7 @@ Mitigations for Impact:

### C.4.6 TH-RDOS: Denial of service on remote data processing

Attacker launches denial of service attack on remote data processing solution.
Attacker launches denial-of-service attack on remote data processing solution.

**Table C.4.6-1: Denial of service on remote data processing**

@@ -1496,7 +1496,7 @@ _Editor's note: this table must be updated before the draft can be considered Fi

_This Annex is optional and may be referred to from the Introduction of the document to provide more information on how to implement the standard._

# Annex K (normative): Generic requirements and assessment criteria for the use of state of the art cryptography
# Annex K (normative): Generic requirements and assessment criteria for the use of state-of-the-art cryptography

::include{file=clauses/K.Cryptography.md}

+12 −12


+4 −4
@@ -43,7 +43,7 @@ The assessment criteria for each security requirements are described in a struct

  - Test environment: Describe the hardware, software, and network setup used for the assessment, including versions, topology, and any relevant dependencies.
  - Preconditions: Specify any configurations, credentials, or operational states that should be established before the test (e.g. product initialized, certificates loaded, user roles created).
  - Required tools: Identify the tools or software necessary to perform the assessment (e.g. vulnerability scanners, protocol fuzzers, traffic analyzers, static code analyzers, cryptographic test suites).
  - Required tools: Identify the tools or software necessary to perform the assessment (e.g. vulnerability scanners, protocol fuzzers, traffic analysers, static code analysers, cryptographic test suites).

<mark>Editor's Note: Precisely reference individual tools or include an unambiguous characterization by way of tool capabilities to ensure consistent tool application. For instance, "state-of-the-art vulnerability scanner" shall instead be replaced with "vulnerability scanner that covers all CVEs, supports credentialed and non-credentialed scans, ..."</mark>

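Review bot: switching analyzers to the UK spelling analysers here is inconsistent with "initialized" on the Preconditions line and "characterization" in the Editor's Note immediately below, which stay US; pick one convention for the file and apply it in the same pass.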
@@ -653,7 +653,7 @@ Otherwise FAIL

#### 6.5.13.1 Objective

Prevent "rollback attacks" by rejecting previously-valid packages that contain vulnerabilities.
Prevent rollback attacks by rejecting previously-valid packages that contain vulnerabilities.

#### 6.5.13.2 Preparation

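Review bot: "previously-valid" should be "previously valid", since adverbs ending in -ly are not hyphenated to the adjective they modify. The objective also reads as if only previously valid packages "that contain vulnerabilities" need rejecting; a rollback check normally rejects any package older than the installed version whether or not a vulnerability is known, so consider stating the version-monotonicity requirement directly if that is what 6.5.13 assesses.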
@@ -1424,7 +1424,7 @@ Confidentiality of data

#### 6.7.15.2 Preparation

Identify all specific locations (files, databases, registries, secure enclaves) where the product stores the "Confidential Elements in Scope". Document the accepted protection method applied to each location.
Identify all specific locations (files, databases, registries, secure enclaves) where the product stores the Confidential Elements in Scope. Document the accepted protection method applied to each location.

#### 6.7.15.3 Activities

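Review bot: now that the quotation marks are gone, Confidential Elements in Scope is left as a capitalised phrase with no marker that it is a defined term; bold it or cross-reference the clause that defines it, as is done for **Personal Data** in clause 3.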
@@ -1701,7 +1701,7 @@ None.

#### 6.9.5.3 Activities

Gather any data stored on the VPN server, gateway or exit node during a typical hour of use or smilate usage. Label data as personal data if any. 
Gather any data stored on the VPN server, gateway or exit node during a typical hour of use or simulate usage. Label any present Personal Data as such. 

#### 6.9.5.4 Verdict
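Review bot: "during a typical hour of use or simulate usage" mixes a noun phrase with a verb; "during a typical hour of use or simulated usage" keeps the sentence parallel. "Label any present Personal Data as such" is awkward; "Label any Personal Data present as such" or "Identify and label any Personal Data" reads better. Both the old and the new line also carry trailing whitespace.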