@@ -1035,9 +1035,9 @@ The product shall not collect data unnecessary for the operation of the product.
* Reference: TR-DMIN
* Requirement: **REQ-DM-0ky3f**
* Objective: Data minimization
* Preparation: Packet capture during typical hour of use and document all data sent to the VPN manufacturer
* Preparation: Packet capture during typical hour of use and document all data sent to the VPN manufacturer.
* Activities: Review the documentation of the packet capture for any form of Personal Data. Identify if any captured Personal Data originates from the tunneling functionality or is otherwise outside the documented scope of necessary authentication/access control.
* Verdict: If there is any Personal Data collected that is not strictly necessary and explicitly justified for authentication, access control, or subscription management => PASS, otherwise FAIL
* Verdict: If there is any Personal Data collected that is not strictly necessary and explicitly justified for authentication, access control, or subscription management => FAIL, otherwise PASS
* Evidence: Packet capture alongside the manufacturer's documentation justifying the necessity of any transmitted authentication data.
#### 5.2.12.4 MI-NPER-3: Minimize Personal Data required for use, service provisioning and payment (### 5.8.N DM)