Loading clauses/5.Requirements.md +31 −0 Original line number Diff line number Diff line Loading @@ -551,6 +551,37 @@ If the VPN provider claims to support IPv6, it shall provide full, native IPv6 c |------------------|----------------------| | all | IPV6-1, IPV6-2 | ### 5.2.10 **TR-CRYPT**: Use strong, VPN specific cryptography #### 5.2.10.1 Overview: TR-CRYPT The VPN provider shall use strong cryptograpy Guidance: #### 5.2.10.2 **MI-CRYPT-1**: Use a PSK The VPN provider shall use a preshared key to mitigate post-quantum decryption * Applicability: (optional, for requirements that depend on a feature) * Reference: TR-CRYPT * Objective: Confidentiality * Preparation: Obtain a configuration file from the VPN provider to setup the VPN with an open source product * Activities: Open the configuration file in an editor * Verdict: The configuration file contains a PSK or preshared key => PASS, otherwise => FAIL * Evidence: The configuration file #### 5.2.10.3 Mapping of mitigations to risk factors and security profiles | Risk factors | Requires mitigations | |----------------------|------------------------| | all | MI-CRYPT-1 | | Security Profile | Requires mitigations | |----------------------|------------------------| | all | MI-CRYPT-1 | > Copy-n-paste mitigation format ### 5.2.X **TR-XXXX**: Loading Loading
clauses/5.Requirements.md +31 −0 Original line number Diff line number Diff line Loading @@ -551,6 +551,37 @@ If the VPN provider claims to support IPv6, it shall provide full, native IPv6 c |------------------|----------------------| | all | IPV6-1, IPV6-2 | ### 5.2.10 **TR-CRYPT**: Use strong, VPN specific cryptography #### 5.2.10.1 Overview: TR-CRYPT The VPN provider shall use strong cryptograpy Guidance: #### 5.2.10.2 **MI-CRYPT-1**: Use a PSK The VPN provider shall use a preshared key to mitigate post-quantum decryption * Applicability: (optional, for requirements that depend on a feature) * Reference: TR-CRYPT * Objective: Confidentiality * Preparation: Obtain a configuration file from the VPN provider to setup the VPN with an open source product * Activities: Open the configuration file in an editor * Verdict: The configuration file contains a PSK or preshared key => PASS, otherwise => FAIL * Evidence: The configuration file #### 5.2.10.3 Mapping of mitigations to risk factors and security profiles | Risk factors | Requires mitigations | |----------------------|------------------------| | all | MI-CRYPT-1 | | Security Profile | Requires mitigations | |----------------------|------------------------| | all | MI-CRYPT-1 | > Copy-n-paste mitigation format ### 5.2.X **TR-XXXX**: Loading
