Commit 9bcbb3f8 authored by Valerie Aurora

Remove mitigation mapping in requirements (now in threats)

parent 4c55957a
+1 −114
@@ -408,10 +408,6 @@ The VPN client shall by default be configured to route all network traffic from
  * Verdict: All traffic from all applications is routed through the VPN connection.
  * Evidence: Packet capture showing traffic from multiple applications going through the VPN interface.

#### 5.2.5.5 Mapping of mitigations to risk factors and security profiles

All mitigations are required for all products.

### 5.2.6 TR-CONF VPN client preserves system configuration

#### 5.2.6.1 Requirement
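Review bot: The removed 5.2.5.5 subsection carried a concrete statement, "All mitigations are required for all products", and nothing in this hunk shows where that unconditional status is now recorded. Before merging, confirm the threats section states the same thing for every mitigation under this requirement; a reader of the requirement alone can no longer tell whether any of its mitigations are profile-dependent. A one-line pointer in 5.2.5 to the threats section would make the relocation discoverable.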
@@ -485,10 +481,6 @@ Guidance: The VPN product should be able to operate without a wide set of permis
  * Verdict: The VPN client did not request any permissions => PASS, otherwise FAIL
  * Evidence: Collected permission states, annotations of any permission requests explaining why they are more restricted/secure, log messages from tests

#### 5.2.6.6 Mapping of mitigations to risk factors and security profiles

All mitigations are required for all products.

### 5.2.7 TR-NUTI No untrusted traffic in the VPN connection

#### 5.2.7.1 Requirement
@@ -517,18 +509,6 @@ The VPN client and server shall implement data validity checks on all incoming p
  * Verdict: Packet does not exit the VPN interface => PASS, otherwise FAIL
  * Evidence: Malformed packets, packet capture, any log messages showing packet was dropped

#### 5.2.7.4 Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations |
|--------------|----------------------|
| DAT < 1      | NUTI-1               |
| all others   | NUTI-1, NUTI-2       |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| UC-1             | NUTI-1               |
| UC-2, UC-3, UC-4 | NUTI-1, NUTI-2       |

### 5.2.8 TR-AUTH Authentication of nodes

#### 5.2.8.1 Requirement
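Review bot: The deleted NUTI tables are the first mapping in this diff that is conditional (NUTI-2 required for everything except DAT < 1 and UC-1), so check that the relocated mapping in the threats section keeps the same threshold rather than collapsing to "all mitigations required". The condition on DAT is what makes the packet-validation mitigation optional for low-data-sensitivity products, and that distinction is easy to lose in a move. Cross-check the UC-1 row against the DAT < 1 row too, since the two tables are meant to agree.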
@@ -597,18 +577,6 @@ The VPN service shall provide a method to force revocation, temporary or permane

> TODO: Write mitigation documenting that the operational environment must provide brute force protection.

#### 5.2.8.8 Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations                   |
|--------------|----------------------------------------|
| any          | AUTH-1, AUTH-2                         |
| DAT > 0      | AUTH-1, AUTH-2, AUTH-3, AUTH-4, AUTH-5 |

| Security Profile | Requires mitigations                   |
|------------------|----------------------------------------|
| UC-1             | AUTH-1, AUTH-2                         |
| UC-2, UC-3, UC-4 | AUTH-1, AUTH-2, AUTH-3, AUTH-4, AUTH-5 |

### 5.2.9 TR-DNSL DNS leak prevention

#### 5.2.9.1 Requirement
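Review bot: The TODO about brute force protection in the operational environment stays in place while the AUTH mapping tables below it are removed, so the mitigation it promises (a sixth AUTH mitigation) will need its risk-factor and profile mapping written in the threats section rather than here. Either update the TODO to say where the mapping now belongs or resolve it in the same series, otherwise the next author will add the mapping back under 5.2.8. The removed rows themselves are consistent ("DAT > 0" is a subset of "any"), so nothing is lost in the move as long as the threats section preserves the DAT > 0 condition on AUTH-3 through AUTH-5.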
@@ -715,22 +683,6 @@ The VPN client shall clearly inform the user about the operator of the DNS serve
  * Verdict: The operator of the DNS service is clearly disclosed.
  * Evidence: Screenshot of the relevant UI element or documentation.

#### 5.2.9.9 Mapping of mitigations to risk factors and security profiles

| Risk factors      | Requires mitigations                                           |
|-------------------|----------------------------------------------------------------|
| DAT < 1           | DNSL-1, DNSL-2, DNSL-8                                         |
| DAT < 2 & ADM > 0 | DNSL-1, DNSL-2, DNSL-3, DNSL-4, DNSL-8                         |
| DAT > 1           | DNSL-1, DNSL-2, DNSL-3, DNSL-4, DNSL-5, DNSL-6, DNSL-7, DNSL-8 |
| ADM < 1           | DNSL-2, DNSL-4                                                 |

| Security Profile | Requires mitigations                                           |
|------------------|----------------------------------------------------------------|
| UC-1             | DNSL-1, DNSL-2, DNSL-8                                         |
| UC-2             | DNSL-1, DNSL-2, DNSL-3, DNSL-4, DNSL-8                         |
| UC-3             | DNSL-1, DNSL-2, DNSL-3, DNSL-4, DNSL-5, DNSL-6, DNSL-7, DNSL-8 |
| UC-4             | DNSL-2, DNSL-4                                                 |

### 5.2.10 TR-EISO: Endpoint isolation

#### 5.2.10.1 Requirement
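Review bot: The removed DNSL risk-factor table has overlapping and gapped rows that should not be carried over as-is into the threats section: a product with DAT = 1 and ADM = 0 matches only "ADM < 1" (DNSL-2, DNSL-4) and so is required to do less than a DAT < 1 product, while a product with DAT = 1 and ADM > 0 matches "DAT < 2 & ADM > 0" but a DAT = 1, ADM = 0 product matches none of the DAT rows at all. Since this commit moves the mapping rather than fixing it, at least leave a note in the threats section that the DAT/ADM conditions need to be made mutually exclusive and exhaustive, e.g. by expressing the rows as ordered cases. The profile table (UC-1 through UC-4) is unambiguous and can be moved verbatim.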
@@ -748,16 +700,6 @@ The VPN provider shall by default not establish routes between different client
  * Verdict: Connection not possible or connection fails => PASS, otherwise FAIL
  * Evidence: Log messages, packet capture

#### 5.2.10.3 Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations |
|--------------|----------------------|
| all          | EISO                 |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| all              | EISO                 |

### 5.2.11 TR-TRAF: No traffic through the node unless explicitly approved

#### 5.2.11.1 Requirement
@@ -808,18 +750,6 @@ The VPN client shall not require routing of traffic from sources/destinations ot
  * Verdict: All such services are documented, explanation is convincing => PASS, otherwise FAIL
  * Evidence: Documentation of services

#### 5.2.11.6 Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations                 |
|--------------|--------------------------------------|
| any          | TRAF-1 or (TRAF-2 & TRAF-3 & TRAF-4) |
| DAT > 1      | TRAF-1                               |

| Security Profile | Requires mitigations                 |
|------------------|--------------------------------------|
| UC-1, UC-2, UC-4 | TRAF-1 or (TRAF-2 & TRAF-3 & TRAF-4) |
| UC-3             | TRAF-1                               |

### 5.2.12 TR-DMIN: Data minimization

#### 5.2.12.1 Requirement
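Review bot: The TRAF mapping is the only one in this diff with an alternative, "TRAF-1 or (TRAF-2 & TRAF-3 & TRAF-4)", so verify that the threats section expresses that disjunction explicitly instead of listing all four mitigations as required. Also note that "any" and "DAT > 1" overlap: the intended reading is presumably that DAT > 1 products lose the alternative and must implement TRAF-1, which is worth stating in words where the mapping now lives.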
@@ -873,21 +803,9 @@ Guidance: VPN providers may use remote systems to handle support tickets, e-mail
  * Verdict: Policy is consistent with not storing PII and samples of stored data contain no PII
  * Evidence: Policy, samples of stored data, documentation of why the samples don't contain PII

#### 5.2.12.6 Mapping of mitigations to risk factors and security profiles

| Risk factors       | Requires mitigations   |
|--------------------|------------------------|
| any                | NPII-1, NPII-2         |
| DAT > 1 or FUN > 1 | NPII-1, NPII-2, NPII-3 |

| Security Profile     | Requires mitigations   |
|----------------------|------------------------|
| UC-1, UC-2, UC-4     | NPII-1, NPII-2         |
| UC-3                 | NPII-1, NPII-2, NPII-3 |

### 5.2.13 TR-IPV6 Secure IPv6 Handling

#### 5.2.13.1 Requirement6
#### 5.2.13.1 Requirement

The VPN product shall handle IPv6 traffic in a secure manner that prevents data leaks.

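Review bot: The change from "#### 5.2.13.1 Requirement6" to "#### 5.2.13.1 Requirement" at the bottom of this hunk is an unrelated typo fix and is the only added line in the whole commit (the "+1" in the stats); mention it in the commit message or split it out so the history of that heading is not hidden under "Remove mitigation mapping". Separately, the removed DMIN tables reference mitigations named NPII-1 through NPII-3 under a requirement whose ID is TR-DMIN; when these are re-created in the threats section, align the mitigation prefix with the requirement ID (or document why NPII is used) so the cross-reference resolves.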
@@ -913,16 +831,6 @@ If the VPN provider claims to support IPv6, it shall provide full, native IPv6 c
  * Verdict: The client has a globally routable IPv6 address and all tests in this standard pass over IPv6.
  * Evidence: Network configuration details, packet captures, and test results for all requirements over IPv6.

#### 5.2.13.4 Mapping of mitigations to risk factors and security profiles

| Risk factors | Requires mitigations |
|--------------|----------------------|
| all          | IPV6-1, IPV6-2       |

| Security Profile | Requires mitigations |
|------------------|----------------------|
| all              | IPV6-1, IPV6-2       |

### 5.2.14 TR-CRYPT: Use strong, VPN specific cryptography

#### 5.2.14.1 Requirement
@@ -954,16 +862,6 @@ VPN encryption shall use cryptographic algorithms, keys, and parameters as descr
  * Verdict: The traffic pertaining to the VPN connection uses the algorithms, keys and parameters as described in EUCC guidelines or demonstrably equivalent state-of-the-art mechanisms.
  * Evidence: Packet capture showing the encryption headers.

#### 5.2.14.4 Mapping of mitigations to risk factors and security profiles

| Risk factors         | Requires mitigations   |
|----------------------|------------------------|
| all                  | MI-CRYPT-1, MI-CRYPT-2 |

| Security Profile     | Requires mitigations   |
|----------------------|------------------------|
| all                  | MI-CRYPT-1, MI-CRYPT-2 |

### 5.2.15 TR-LOGG: Logging and monitoring

#### 5.2.15.1 Requirement
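Review bot: The CRYPT mitigations use the prefix "MI-CRYPT-1, MI-CRYPT-2" while every other removed table uses bare IDs (NUTI-1, AUTH-1, DNSL-1, ...); since the mapping is being rewritten in the threats section anyway, this is the moment to pick one naming convention. Also confirm that the relocated entry still says "all" for both risk factors and profiles, as the removed rows do, because the requirement text in the context line defers to EUCC guidelines and gives no per-profile relaxation.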
@@ -998,7 +896,6 @@ The product shall transfer log messages indicating security-relevant internal ev

Guidance: One type of event whose log message must take care to not accidentally include a secret is failed password authentication attempts. Since people often type their password into the username field, including the username field in the log message may result in including a secret in the log message.


### 5.2.16 TR-SCDL: Secure deletion

#### 5.2.16.1 Requirement
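Review bot: This hunk removes only one of the two blank lines before "### 5.2.16", a whitespace-only change with no mapping subsection in sight, which suggests TR-LOGG never had a "Mapping of mitigations" subsection in the first place. Check that the threats section covers the LOGG mitigations along with the ones removed elsewhere in this commit, since the migration would otherwise leave logging as the one requirement with no risk-factor or profile mapping anywhere.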
@@ -1197,16 +1094,6 @@ _Description of mitigation in "shall" format_.
  * Verdict:
  * Evidence:

#### 5.2.X.x Mapping of mitigations to risk factors and security profiles

| Risk factors         | Requires mitigations   |
|----------------------|------------------------|
|                      |                        |

| Security Profile     | Requires mitigations   |
|----------------------|------------------------|
|                      |                        |

## 5.3 Security profiles

Security profiles are an informative resource to the manufacturer to allow them to appropriately evaluate risks based on use cases. All VPNs will have a baseline of security requirements regardless of the use case and environment of their product. Additional security requirements will align with the reasonably foreseeable use (and, potentially, the reasonably foreseeable mis-use) of their particular product, based on the security profile appropriate for their product.
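Review bot: Removing the 5.2.X.x template tables is the right companion to the other hunks, but the unchanged 5.3 text that follows still tells manufacturers that additional requirements "align with ... the security profile appropriate for their product" without saying where the profile-to-mitigation mapping now lives. Add a sentence to 5.3 (or to the template) pointing at the threats section, otherwise the template no longer shows authors of new requirements where to put the mapping they are no longer allowed to put here.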