Resolves HAS 112 & HAS 113 (eac8d767) · Commits · STAN4CRA / EN 304 620 Virtual Private Networks Part 1

EN-304-620.md

+8 −8

Original line number	Diff line number	Diff line
		@@ -601,9 +601,9 @@ Description: How complex the features necessary for the product's foreseeable us

		Rationale: More features mean more code and more interfaces mean attack surface.

		* [COM-0] Foreseeable use requires only basic features to tunnel encrypted traffic
		* [COM-1] Foreseeable use requires a few additional features related to tunnelling encrypted traffic
		* [COM-2] Foreseeable use requires many additional features
		* [COM-0] Usage requires only basic features to tunnel encrypted traffic
		* [COM-1] Usage requires a few additional features related to tunnelling encrypted traffic
		* [COM-2] Usage requires many additional features

		### C.2.10 RF-CON: Connectivity offered

		@@ -611,9 +611,9 @@ Description: Whether the VPN connects different endpoints to each other via a pr

		Rationale: Different connectivity requirements create different risks and mitigations.

		* [CON-0] Foreseeable use is a single endpoint connecting only to a public network
		* [CON-1] Foreseeable use is one or more endpoints connecting to other endpoints or hosts via a private network
		* [CON-2] Foreseeable use is multiple endpoints connecting to each other via a private network, in addition to connecting to a public network
		* [CON-0] Usage is a single endpoint connecting only to a public network
		* [CON-1] Usage is one or more endpoints connecting to other endpoints or hosts via a private network
		* [CON-2] Usage is multiple endpoints connecting to each other via a private network, in addition to connecting to a public network

		### C.2.10 RF-PER: Consequences of personally identifiable information compromise

		@@ -621,8 +621,8 @@ Description: What the consequences of an attacker acquiring Personal Data via th

		Rationale: Different consequences change the impact of compromise of Personal Data stored or transmitted by the product.

		* [PER-0] Foreseeable use is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Foreseeable use is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Usage is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Usage is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights

		## C.3 Assumptions

Original line number	Diff line number	Diff line
		@@ -601,9 +601,9 @@ Description: How complex the features necessary for the product's foreseeable us

		Rationale: More features mean more code and more interfaces mean attack surface.

		* [COM-0] Foreseeable use requires only basic features to tunnel encrypted traffic
		* [COM-1] Foreseeable use requires a few additional features related to tunnelling encrypted traffic
		* [COM-2] Foreseeable use requires many additional features
		* [COM-0] Usage requires only basic features to tunnel encrypted traffic
		* [COM-1] Usage requires a few additional features related to tunnelling encrypted traffic
		* [COM-2] Usage requires many additional features

		### C.2.10 RF-CON: Connectivity offered

		@@ -611,9 +611,9 @@ Description: Whether the VPN connects different endpoints to each other via a pr

		Rationale: Different connectivity requirements create different risks and mitigations.

		* [CON-0] Foreseeable use is a single endpoint connecting only to a public network
		* [CON-1] Foreseeable use is one or more endpoints connecting to other endpoints or hosts via a private network
		* [CON-2] Foreseeable use is multiple endpoints connecting to each other via a private network, in addition to connecting to a public network
		* [CON-0] Usage is a single endpoint connecting only to a public network
		* [CON-1] Usage is one or more endpoints connecting to other endpoints or hosts via a private network
		* [CON-2] Usage is multiple endpoints connecting to each other via a private network, in addition to connecting to a public network

		### C.2.10 RF-PER: Consequences of personally identifiable information compromise

		@@ -621,8 +621,8 @@ Description: What the consequences of an attacker acquiring Personal Data via th

		Rationale: Different consequences change the impact of compromise of Personal Data stored or transmitted by the product.

		* [PER-0] Foreseeable use is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Foreseeable use is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Usage is no or low consequences for compromise of Personal Data stored or transmitted by the product
		* [PER-1] Usage is moderate consequences for compromise of Personal Data stored or transmitted by the product, e.g. financial or reputational loss
		* [PER-0] Foreseeable use is high consequences for compromise of Personal Data stored or transmitted by the product, e.g. loss of life or human rights

		## C.3 Assumptions