Move mitigation sets and security profiles into Annex C (c2f40382) · Commits · STAN4CRA / EN 304 620 Virtual Private Networks Part 1

EN-304-620-1.md

+10 −4

Original line number	Diff line number	Diff line
		@@ -992,7 +992,7 @@ Mitigations for Impact:

		* High to Low:

		### C.5. Mapping of use cases to risk factors and security profiles
		### C.5.2 Mapping of use cases to risk factors and security profiles

		\| Use case \| Description \| CFG \| AUT \| DAT \| FUN \| ADM \| RDP \| DNC \| COM \| SP \|
		\|----------\|-----------------------------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|------\|
		@@ -1001,9 +1001,15 @@ Mitigations for Impact:
		\| UC-3 \| Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 1 \| SP-3 \|
		\| UC-4 \| Small organization \| 2 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 2 \| SP-4 \|

		_Table C.TODO — Use cases mapped to risk factors and security profiles_
		_Table C.5.1 — Use cases mapped to risk factors and security profiles_

		### C.6. Mapping of security profiles to risk factors
		### C.6 Security profiles

		### C.6.1 General

		Security profiles are an informative resource to the assessor. Each security profile is associated with a collection of levels of risk factors. Security profiles will be mapped to specific mitigations for each security requirements necessary to treat the risk.

		### C.6.1 Mapping of security profiles to risk factors

		\| Security profile \| Description \| CFG \| AUT \| DAT \| FUN \| ADM \| RDP \| DNC \| COM \|
		\|------------------\|-----------------------------\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|-----\|
		@@ -1012,7 +1018,7 @@ _Table C.TODO — Use cases mapped to risk factors and security profiles_
		\| SP-3 \| Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 2 \| 2 \| 2 \| 1 \|
		\| SP-4 \| Small organization \| 2 \| 1 \| 2 \| 1 \| 0 \| 1 \| 2 \| 2 \|

		_Table C.TODO — Security profiles mapped to risk factors_
		_Table C.6.1 — Security profiles mapped to risk factors_

		# Annex D (informative): Change history

clauses/5.Requirements.md

+8 −44

Original line number	Diff line number	Diff line
		@@ -805,7 +805,7 @@ Guidance: VPN providers may use remote systems to handle support tickets, e-mail

		### 5.2.13 TR-IPV6 Secure IPv6 Handling

		#### 5.2.13.1 Requirement
		#### 5.2.13.1 Requirement6

		The VPN product shall handle IPv6 traffic in a secure manner that prevents data leaks.

		@@ -1094,49 +1094,13 @@ _Description of mitigation in "shall" format_.
		* Verdict:
		* Evidence:

		## 5.3 Security profiles

		Security profiles are an informative resource to the manufacturer to allow them to appropriately evaluate risks based on use cases. All VPNs will have a baseline of security requirements regardless of the use case and environment of their product. Additional security requirements will align with the reasonably foreseeable use (and, potentially, the reasonably foreseeable mis-use) of their particular product, based on the security profile appropriate for their product.

		The different user types have varying needs that correspond directly to the security profiles defined in the present document. A manufacturer should take these into account to ensure the product's security is proportionate to its intended use. Due to the wide variety of potential users and usages of a single VPN product, multiple security profiles may apply to a single product.

		> TODO-HAS: Update risk factors

		\| Security profile \| CFG \| AUT \| DAT \| FUN \| ADM \|
		\|------------------------------------\|-----\|-----\|-----\|-----\|-----\|
		\| SP-1 Individual consumer \| 1 \| 0 \| 0 \| 0 \| 2 \|
		\| SP-2 Privacy conscious household \| 1 \| 0 \| 1 \| 1 \| 1 \|
		\| SP-3 Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 1 \|
		\| SP-4 Small organization \| 2 \| 1 \| 1 \| 1 \| 0 \|

		_Table C.1 — Security profiles mapped to risk factors_

		> TODO-HAS: Update mitigation sets

		\| Mitigation \| SP-1 \| SP-2 \| SP-3 \| SP-4 \|
		\|-----------------------\|------\|------\|------\|------\|
		\| ROUT-1 \| Y \| Y \| Y \| Y \|
		\| CONF-1 \| Y \| Y \| Y \| Y \|
		\| CONF-2 \| Y \| Y \| Y \| Y \|
		\| CONF-3 \| Y \| Y \| Y \| Y \|
		\| NUTI-1 \| Y \| Y \| Y \| Y \|
		\| NUTI-2 \| N \| Y \| Y \| Y \|
		\| AUTH-1 \| Y \| Y \| Y \| Y \|
		\| AUTH-2 \| Y \| Y \| Y \| Y \|
		\| AUTH-3 \| N \| Y \| Y \| Y \|
		\| AUTH-4 \| N \| Y \| Y \| Y \|
		\| AUTH-5 \| N \| Y \| Y \| Y \|
		\| DNSL-1 \| Y \| Y \| Y \| N \|
		\| DNSL-2 \| Y \| Y \| Y \| Y \|
		\| DNSL-3 \| N \| Y \| Y \| N \|
		\| DNSL-4 \| N \| Y \| Y \| Y \|
		\| DNSL-5 \| N \| N \| Y \| N \|
		\| DNSL-6 \| N \| N \| Y \| N \|
		\| EISO \| Y \| Y \| Y \| Y \|
		\| TRAF-1 \| N \| N \| Y \| N \|
		\| TRAF-(1 or 2 & 3 & 4) \| Y \| Y \| N \| Y \|

		_Table C.2 — Security profiles mapped to mitigations_
		## 5.3 Risk Mitigation Sets

		### 5.3.1 Introduction

		This clause lists all the mitigations necessary to meet requirements for each security profile.

		> TODO-HAS: Fill out risk mitigation sets

		> TODO-HAS: Turn below threats into formal threats and mitigations

Original line number	Diff line number	Diff line
		@@ -805,7 +805,7 @@ Guidance: VPN providers may use remote systems to handle support tickets, e-mail

		### 5.2.13 TR-IPV6 Secure IPv6 Handling

		#### 5.2.13.1 Requirement
		#### 5.2.13.1 Requirement6

		The VPN product shall handle IPv6 traffic in a secure manner that prevents data leaks.

		@@ -1094,49 +1094,13 @@ _Description of mitigation in "shall" format_.
		* Verdict:
		* Evidence:

		## 5.3 Security profiles

		Security profiles are an informative resource to the manufacturer to allow them to appropriately evaluate risks based on use cases. All VPNs will have a baseline of security requirements regardless of the use case and environment of their product. Additional security requirements will align with the reasonably foreseeable use (and, potentially, the reasonably foreseeable mis-use) of their particular product, based on the security profile appropriate for their product.

		The different user types have varying needs that correspond directly to the security profiles defined in the present document. A manufacturer should take these into account to ensure the product's security is proportionate to its intended use. Due to the wide variety of potential users and usages of a single VPN product, multiple security profiles may apply to a single product.

		> TODO-HAS: Update risk factors

		\| Security profile \| CFG \| AUT \| DAT \| FUN \| ADM \|
		\|------------------------------------\|-----\|-----\|-----\|-----\|-----\|
		\| SP-1 Individual consumer \| 1 \| 0 \| 0 \| 0 \| 2 \|
		\| SP-2 Privacy conscious household \| 1 \| 0 \| 1 \| 1 \| 1 \|
		\| SP-3 Journalist or activist \| 1 \| 1 \| 2 \| 2 \| 1 \|
		\| SP-4 Small organization \| 2 \| 1 \| 1 \| 1 \| 0 \|

		_Table C.1 — Security profiles mapped to risk factors_

		> TODO-HAS: Update mitigation sets

		\| Mitigation \| SP-1 \| SP-2 \| SP-3 \| SP-4 \|
		\|-----------------------\|------\|------\|------\|------\|
		\| ROUT-1 \| Y \| Y \| Y \| Y \|
		\| CONF-1 \| Y \| Y \| Y \| Y \|
		\| CONF-2 \| Y \| Y \| Y \| Y \|
		\| CONF-3 \| Y \| Y \| Y \| Y \|
		\| NUTI-1 \| Y \| Y \| Y \| Y \|
		\| NUTI-2 \| N \| Y \| Y \| Y \|
		\| AUTH-1 \| Y \| Y \| Y \| Y \|
		\| AUTH-2 \| Y \| Y \| Y \| Y \|
		\| AUTH-3 \| N \| Y \| Y \| Y \|
		\| AUTH-4 \| N \| Y \| Y \| Y \|
		\| AUTH-5 \| N \| Y \| Y \| Y \|
		\| DNSL-1 \| Y \| Y \| Y \| N \|
		\| DNSL-2 \| Y \| Y \| Y \| Y \|
		\| DNSL-3 \| N \| Y \| Y \| N \|
		\| DNSL-4 \| N \| Y \| Y \| Y \|
		\| DNSL-5 \| N \| N \| Y \| N \|
		\| DNSL-6 \| N \| N \| Y \| N \|
		\| EISO \| Y \| Y \| Y \| Y \|
		\| TRAF-1 \| N \| N \| Y \| N \|
		\| TRAF-(1 or 2 & 3 & 4) \| Y \| Y \| N \| Y \|

		_Table C.2 — Security profiles mapped to mitigations_
		## 5.3 Risk Mitigation Sets

		### 5.3.1 Introduction

		This clause lists all the mitigations necessary to meet requirements for each security profile.

		> TODO-HAS: Fill out risk mitigation sets

		> TODO-HAS: Turn below threats into formal threats and mitigations

Admin message