@@ -1007,18 +1007,6 @@ The product shall limit and fairly allocate memory usage triggered by untrusted
* Verdict: For each set of inputs, the product functions and the platform functions remain acceptably available => PASS, otherwise FAIL
* Evidence: Set of inputs, logs of measurements, explanation of availability metrics
#### 5.2.19.4 MI-FAIR: Fair resource usage
The product and supporting remote data processing services shall implement mechanisms to fairly allocate VPN system resources among multiple users.
* Applicability: VPN products with multiple users sharing infrastructure
* Reference: TR-AVAI
* Objective: Maintain service availability during denial-of-service attacks
* Preparation: Prepare several different sources of VPN traffic with varying amounts of resource usage
* Activities: While multiple sources of VPN traffic are using the VPN connection, measure the bandwidth and latency on each source of traffic
* Verdict: Each source of traffic makes steady progress without unreasonable stalls => PASS, otherwise FAIL
* Evidence: Specification of traffic sources, measurements of bandwidth and latency, analysis of bandwidth and latency
#### 5.2.19.5 MI-DOST: Document risk transfer to operational environment for denial of service
The product shall be accompanied by documentation informing the user that denial-of-service protection must be provided by the environment, in a form appropriate for a typical user for the intended purpose and reasonably foreseeable use and misuse of the product.
