Commit f221fa0b authored by Marvin Petzolt's avatar Marvin Petzolt Committed by Aki Braun
Browse files

Updated UC mapping proposal

parent 0179e761
Loading
Loading
Loading
Loading
+63 −63
Original line number Diff line number Diff line
@@ -1381,7 +1381,7 @@ _Editor's note: this table must be updated before the draft can be considered Fi
| **REQ-SSD-05 (MI-IMSL)** |          |          |    x¹    |    x¹    |    x¹    |    x¹    |    x¹    |
| **REQ-SSD-06 (MI-SCFS)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-KEV-02 (MI-KEVT)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-SBD-02 (MI-CONF-5)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-SBD-02 (MI-CONF-5)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-SU-02 (MI-KEVD)** |    x²    |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-SU-03 (MI-KEVA)** |    x²    |    x     |    x     |          |          |          |    x     |
| **REQ-SU-04 (MI-KEVE)** |          |          |          |          |    x     |    x     |          |
@@ -1399,54 +1399,54 @@ _Editor's note: this table must be updated before the draft can be considered Fi
| **REQ-SU-16 (MI-SUMV)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-SU-17 (MI-SUED)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-AAC-02 (MI-AUTH-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-AAC-03 (MI-AUTH-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-AAC-04 (MI-AUTH-3)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-03 (MI-AUTH-2)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-AAC-04 (MI-AUTH-3)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-05 (MI-AUTH-4)** |          |          |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-06 (MI-AUTH-5)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-07 (MI-AUTH-6)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
|  **REQ-AAC-08 (MI-AUTH-7)** |          |          |          |          |          |          |    x     |
| **REQ-AAC-08 (MI-AUTH-7)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-09 (MI-TRAF-5)** |          |          |          |          |          |          |    x     |
|  **REQ-CON-02 (MI-ROUT-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-03 (MI-ROUT-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|   **REQ-CON-04 (MI-ROUT-3)** |    x     |    x     |    x     |    x     |          |          |          |
|  **REQ-CON-04 (MI-ROUT-3)** |    x     |    x     |    x     |          |          |          |          |
|  **REQ-CON-05 (MI-ROUT-4)** |          |          |          |          |          |          |    x     |
|  **REQ-CON-06 (MI-DNSL-1)** |          |    x     |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-07 (MI-DNSL-2)** |          |    x     |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-08 (MI-DNSL-3)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-09 (MI-DNSL-5)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-10 (MI-DNSL-6)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-10 (MI-DNSL-6)** |          |          |    x     |    x     |    x     |          |          |
|  **REQ-CON-11 (MI-DNSL-7)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-12 (MI-IPV6-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-13 (MI-IPV6-2)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-CON-14 (MI-CRYPT-1)** |          |          |    x     |    x     |    x     |          |    x     |
| **REQ-CON-14 (MI-CRYPT-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|    **REQ-CON-15 (MI-CDST)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-02 (MI-CONF-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-03 (MI-CONF-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-04 (MI-CONF-3)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-INT-05 (MI-NUTI-2)** |          |          |    x     |    x     |    x     |          |    x     |
|   **REQ-DM-02 (MI-NPER-1)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-INT-05 (MI-NUTI-2)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-DM-02 (MI-NPER-1)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-DM-03 (MI-NPER-2)** |          |          |    x     |          |          |          |          |
| **REQ-DM-04 (MI-NPER-3)** |          |          |    x     |          |          |          |          |
| **REQ-DM-05 (MI-NPER-4)** |          |          |    x     |          |          |          |          |
|     **REQ-AP-02 (MI-FDRP)** |          |    x     |    x     |    x     |    x     |          |          |
|   **REQ-AP-02 (MI-FDRP)** |    x     |    x     |    x     |    x     |    x     |          |          |
|   **REQ-AP-03 (MI-LMEM)** |          |    x     |    x     |    x     |    x     |          |          |
| **REQ-AP-04 (MI-DOST-1)** |          |    x     |    x     |    x     |    x     |          |    x     |
|   **REQ-AP-05 (MI-DOST-2)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AP-05 (MI-DOST-2)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AP-06 (MI-DOST-3)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-IM-02 (MI-EISO)** |          |          |          |          |          |          |    x     |
| **REQ-MAS-02 (MI-CONF-4)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|     **REQ-EMM-02 (MI-NUTI-1)** |          |          |    x     |    x⁵    |    x     |          |    x     |
| **REQ-EMM-02 (MI-NUTI-1)** |          |          |          |    x⁵    |    x     |          |          |
| **REQ-EMM-03 (MI-TRAF-2)** |          |    x     |          |    x⁵    |          |    x     |    x     |
| **REQ-EMM-04 (MI-TRAF-3)** |          |    x     |          |    x⁵    |          |          |    x     |
| **REQ-EMM-05 (MI-TRAF-4)** |          |    x     |          |    x⁵    |          |    x     |    x     |
|     **REQ-EMM-06 (MI-LOGG-X)** |          |          |    x     |          |          |          |          |
| **REQ-EMM-06 (MI-LOGG-X)** |          |    x     |    x     |          |          |          |          |
|     **REQ-LOG-02 (MI-LOGG-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|     **REQ-LOG-03 (MI-LOGG-2)** |          |          |    x     |    x     |    x     |          |    x     |
|     **REQ-LOG-04 (MI-LOGG-3)** |          |    x     |    x     |    x     |    x     |          |    x     |
|     **REQ-LOG-03 (MI-LOGG-2)** |          |          |          |    x     |    x     |          |          |
|     **REQ-LOG-04 (MI-LOGG-3)** |          |    x     |    x     |          |          |          |          |
|    **REQ-DRT-02 (MI-RSET)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |
|    **REQ-DRT-03 (MI-INST)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |
|    **REQ-DRT-04 (MI-SDRF)** |          |          |    x     |    x     |    x     |    x     |    x     |
|       **REQ-DRT-05 (MI-SDTR)** |          |          |    x     |    x     |    x     |    x     |    x     |
|    **REQ-DRT-05 (MI-SDTR)** |          |    x     |          |    x     |    x     |    x     |          |
|    **REQ-DRT-06 (MI-DELE)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |

¹ REQ-SSD-03 (MI-FZ95) or REQ-SSD-04 (MI-BTIN) or REQ-SSD-05 (MI-IMSL) apply
+59 −67
Original line number Diff line number Diff line
@@ -243,7 +243,7 @@ User interfaces, especially in regard to settings, shall be designed in a manner

This requirement applies to VPNs featuring user-installable software which includes a graphical user interface within the following use cases:

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -255,7 +255,7 @@ This requirement applies to VPNs featuring user-installable software which inclu

|           **Requirements** | **UC-1** | **UC-2** | **UC-3** | **UC-4** | **UC-5** | **UC-6** | **UC-7** |
|---------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
| **REQ-SBD-02 (MI-CONF-5)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-SBD-02 (MI-CONF-5)** |    x     |    x     |    x     |    x     |    x     |          |    x     |

## 5.5 Security updates

@@ -302,9 +302,9 @@ Of those products, use-case applicability follows:
* UC-1: REQ-SU-03 (MI-KEVA) or REQ-SU-02 (MI-KEVD) is required
* UC-2: required
* UC-3: required
* UC-4: optional
* UC-5: optional
* UC-6: optional
* UC-4: not required
* UC-5: not required
* UC-6: not required
* UC-7: required

### 5.5.4 REQ-SU-04 (MI-KEVE) Automatic secure update via administrator action before or during first use
@@ -655,7 +655,7 @@ The VPN client shall by default encrypt all transmitted user credentials or sens

#### 5.6.3.2 Applicability

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -671,7 +671,7 @@ The VPN client, server, or other nodes shall not use session credentials with in

#### 5.6.4.2 Applicability

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -746,11 +746,11 @@ A node shall only allow connections from authorized endpoints.

#### 5.6.8.2 Applicability

* UC-1: not required
* UC-2: not required
* UC-3: not required
* UC-4: not required
* UC-5: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-7: required

@@ -777,12 +777,12 @@ This requirement applies to VPNs that utilize mesh networking.
|           **Requirements** | **UC-1** | **UC-2** | **UC-3** | **UC-4** | **UC-5** | **UC-6** | **UC-7** |
|---------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
| **REQ-AAC-02 (MI-AUTH-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-AAC-03 (MI-AUTH-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-AAC-04 (MI-AUTH-3)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-03 (MI-AUTH-2)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-AAC-04 (MI-AUTH-3)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-05 (MI-AUTH-4)** |          |          |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-06 (MI-AUTH-5)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-07 (MI-AUTH-6)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-08 (MI-AUTH-7)** |          |          |          |          |          |          |    x     |
| **REQ-AAC-08 (MI-AUTH-7)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AAC-09 (MI-TRAF-5)** |          |          |          |          |          |          |    x     |

## 5.7 Confidentiality protection
@@ -867,12 +867,9 @@ The product shall ensure that when the connection to the VPN server is lost at t
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-4: not required
* UC-5: not required
* UC-6: not required

[//]: # (TODO shouldn't this be required for mesh networks?)

* UC-7: not required

### 5.7.5 REQ-CON-05 (MI-ROUT-4) Endpoint to endpoint encryption
@@ -976,7 +973,7 @@ The VPN client shall block or notify users of potential VPN bypass via encrypted
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-7: required
* UC-7: not required

### 5.7.11 REQ-CON-11 (MI-DNSL-7) No DNS leaks during network-level tunnel failure

@@ -1040,12 +1037,12 @@ The product shall use cryptographic primitives and parameters as defined in Anne

#### 5.7.14.1 Applicability

* UC-1: not required
* UC-2: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-6: required
* UC-7: required

### 5.7.15 REQ-CON-15 (MI-CDST) Protect confidentiality of data stored on the product
@@ -1085,17 +1082,17 @@ Depending on the data type and operational environment, the product shall protec
|----------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
|  **REQ-CON-02 (MI-ROUT-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-03 (MI-ROUT-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-04 (MI-ROUT-3)** |    x     |    x     |    x     |    x     |          |          |          |
|  **REQ-CON-04 (MI-ROUT-3)** |    x     |    x     |    x     |          |          |          |          |
|  **REQ-CON-05 (MI-ROUT-4)** |          |          |          |          |          |          |    x     |
|  **REQ-CON-06 (MI-DNSL-1)** |          |    x     |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-07 (MI-DNSL-2)** |          |    x     |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-08 (MI-DNSL-3)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-09 (MI-DNSL-5)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-10 (MI-DNSL-6)** |          |          |    x     |    x     |    x     |          |    x     |
|  **REQ-CON-10 (MI-DNSL-6)** |          |          |    x     |    x     |    x     |          |          |
|  **REQ-CON-11 (MI-DNSL-7)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-12 (MI-IPV6-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|  **REQ-CON-13 (MI-IPV6-2)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-CON-14 (MI-CRYPT-1)** |          |          |    x     |    x     |    x     |          |    x     |
| **REQ-CON-14 (MI-CRYPT-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|    **REQ-CON-15 (MI-CDST)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |

## 5.8 Integrity protection
@@ -1168,12 +1165,12 @@ The VPN client and server shall implement data validity checks on all incoming p

#### 5.8.5.2 Applicability

* UC-1: not required
* UC-2: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-6: required
* UC-7: required

### 5.8.N Mapping of requirements to use cases
@@ -1183,7 +1180,7 @@ The VPN client and server shall implement data validity checks on all incoming p
| **REQ-INT-02 (MI-CONF-1)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-03 (MI-CONF-2)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-04 (MI-CONF-3)** |          |    x     |    x     |    x     |    x     |    x     |    x     |
| **REQ-INT-05 (MI-NUTI-2)** |          |          |    x     |    x     |    x     |          |    x     |
| **REQ-INT-05 (MI-NUTI-2)** |    x     |    x     |    x     |    x     |    x     |          |    x     |

## 5.9 Data minimization

@@ -1285,7 +1282,7 @@ The product shall check network traffic from untrusted sources for validity and

#### 5.10.2.2 Applicability

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -1303,12 +1300,12 @@ The product shall limit and fairly allocate memory usage triggered by untrusted

#### 5.10.3.2 Applicability

* UC-1: required
* UC-2: not required
* UC-3: not required
* UC-4: not required
* UC-5: not required
* UC-6: required
* UC-1: not required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-7: required

### 5.10.4 REQ-AP-04 (MI-DOST-1) Document risk transfer to operational environment for denial of service
@@ -1336,7 +1333,7 @@ The product shall rate limit traffic from unauthenticated endpoints to nodes.

#### 5.10.5.2 Applicability

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -1356,7 +1353,6 @@ The product shall support multiple nodes which act as possible alternative fallb

#### 5.10.6.2 Applicability

[//]: # (TODO: manufacturers please review/edit applicability statement if needed)

This requirement applies to all products within the below use cases, _except_ products which rely on a single node or dedicated IP address.

@@ -1366,7 +1362,7 @@ This requirement applies to all products within the below use cases, _except_ pr
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-7: required
* UC-7: not required

### 5.10.N Mapping of requirements to use cases

@@ -1374,10 +1370,10 @@ This requirement applies to all products within the below use cases, _except_ pr

|          **Requirements** | **UC-1** | **UC-2** | **UC-3** | **UC-4** | **UC-5** | **UC-6** | **UC-7** |
|--------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
|   **REQ-AP-02 (MI-FDRP)** |          |    x     |    x     |    x     |    x     |          |          |
|   **REQ-AP-02 (MI-FDRP)** |    x     |    x     |    x     |    x     |    x     |          |          |
|   **REQ-AP-03 (MI-LMEM)** |          |    x     |    x     |    x     |    x     |          |          |
| **REQ-AP-04 (MI-DOST-1)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AP-05 (MI-DOST-2)** |          |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AP-05 (MI-DOST-2)** |    x     |    x     |    x     |    x     |    x     |          |    x     |
| **REQ-AP-06 (MI-DOST-3)** |          |    x     |    x     |    x     |    x     |          |    x     |

## 5.11 Non-interference
@@ -1424,9 +1420,8 @@ VPN clients shall not require unnecessary permissions.

#### 5.12.2.2 Applicability

[//]: # (TODO i think this should be required for UC-1)

* UC-1: not required
* UC-1: required
* UC-2: required
* UC-3: required
* UC-4: required
@@ -1463,11 +1458,11 @@ In addition to protecting data transiting the VPN from typical attacks, it is im

* UC-1: not required
* UC-2: not required
* UC-3: required
* UC-3: not required
* UC-4: REQ-EMM-02 (MI-NUTI-1) OR (REQ-EMM-03 (MI-TRAF-2) AND REQ-EMM-04 (MI-TRAF-3) AND REQ-EMM-05 (MI-TRAF-4)) apply
* UC-5: required
* UC-6: not required
* UC-7: required
* UC-7: not required

### 5.13.3 REQ-EMM-03 (MI-TRAF-2) Route traffic from other sources/destination disabled by default

@@ -1515,7 +1510,6 @@ The VPN client shall not require routing of traffic from sources/destinations ot
* UC-2: required
* UC-3: not required
* UC-4: REQ-EMM-02 (MI-NUTI-1) OR (this requirement (REQ-EMM-05 (MI-TRAF-4)) AND REQ-EMM-03 (MI-TRAF-2) AND REQ-EMM-04 (MI-TRAF-3)) apply
* UC-4: not required
* UC-5: not required
* UC-6: required
* UC-7: required
@@ -1531,10 +1525,8 @@ The VPN client shall not require routing of traffic from sources/destinations ot

#### 5.13.6.2 Applicability

[//]: # (TODO reassess applicability)

* UC-1: not required
* UC-2: not required
* UC-2: required
* UC-3: required
* UC-4: not required
* UC-5: not required
@@ -1545,11 +1537,11 @@ The VPN client shall not require routing of traffic from sources/destinations ot

|           **Requirements** | **UC-1** | **UC-2** | **UC-3** | **UC-4** | **UC-5** | **UC-6** | **UC-7** |
|---------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
| **REQ-EMM-02 (MI-NUTI-1)** |          |          |    x     |    x⁵    |    x     |          |    x     |
| **REQ-EMM-02 (MI-NUTI-1)** |          |          |          |    x⁵    |    x     |          |          |
| **REQ-EMM-03 (MI-TRAF-2)** |          |    x     |          |    x⁵    |          |    x     |    x     |
| **REQ-EMM-04 (MI-TRAF-3)** |          |    x     |          |    x⁵    |          |          |    x     |
| **REQ-EMM-05 (MI-TRAF-4)** |          |    x     |          |    x⁵    |          |    x     |    x     |
| **REQ-EMM-06 (MI-LOGG-X)** |          |          |    x     |          |          |          |          |
| **REQ-EMM-06 (MI-LOGG-X)** |          |    x     |    x     |          |          |          |          |

⁵ REQ-EMM-02 (MI-NUTI-1) or (REQ-EMM-03 (MI-TRAF-2) and REQ-EMM-04 (MI-TRAF-3) and REQ-EMM-05 (MI-TRAF-4)) apply

@@ -1606,15 +1598,15 @@ The log messages shall not include any confidential information such as Personal

#### 5.14.3.2 Applicability

This requirement is dependent on the product's intended use case, mandatory only for use cases defined by higher-risk or enterprise profiles where centralized log management is a standard security expectation.
This requirement is dependent on the product's intended use case, mandatory only for use cases where centralized log management is a standard security expectation.

* UC-1: not required
* UC-2: not required
* UC-3: required
* UC-3: not required
* UC-4: required
* UC-5: required
* UC-6: not required
* UC-7: required
* UC-7: not required

#### 5.14.3.3 Guidance

@@ -1632,18 +1624,18 @@ One type of event for which log messages must take care to not accidentally incl
* UC-1: not required
* UC-2: required
* UC-3: required
* UC-4: required
* UC-5: required
* UC-4: not required
* UC-5: not required
* UC-6: not required
* UC-7: required
* UC-7: not required

### 5.14.N Mapping of requirements to use cases

|               **Requirements** | **UC-1** | **UC-2** | **UC-3** | **UC-4** | **UC-5** | **UC-6** | **UC-7** |
|-------------------------------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|:--------:|
|     **REQ-LOG-02 (MI-LOGG-1)** |    x     |    x     |    x     |    x     |    x     |    x     |    x     |
|     **REQ-LOG-03 (MI-LOGG-2)** |          |          |    x     |    x     |    x     |          |    x     |
|     **REQ-LOG-04 (MI-LOGG-3)** |          |    x     |    x     |    x     |    x     |          |    x     |
|     **REQ-LOG-03 (MI-LOGG-2)** |          |          |          |    x     |    x     |          |          |
|     **REQ-LOG-04 (MI-LOGG-3)** |          |    x     |    x     |          |          |          |          |

## 5.15 Factory reset and data portability

@@ -1695,7 +1687,7 @@ This requirement applies to products with the capability for the user to write d

#### 5.15.4.1 Requirement

The product shall provide a method by which an authorized user can securely read all data and settings from the product.
The VPN client shall provide a method by which an authorized user can securely read all data and settings from the VPN client.

#### 5.15.4.2 Applicability

@@ -1720,17 +1712,17 @@ This requirement applies to products with the capability for the user to write d

#### 5.15.5.2 Applicability

This requirement applies to products with the capability for the user to write data and/or settings, and manufacturer support of exporting of that data to an external file. This requirement is strictly applicable to use cases where an IT professional can reasonably be expected to administer the product.
This requirement applies to products with the capability for the user to write data and/or settings, and manufacturer support of exporting of that data to an external file. This requirement is strictly applicable to use cases where an IT professional or advanced user can reasonably be expected to administer the product.

Of the above described products, this requirement applies to products that fall within the following use cases

* UC-1: not required
* UC-2: not required
* UC-3: required
* UC-2: required
* UC-3: not required
* UC-4: required
* UC-5: required
* UC-6: required
* UC-7: required
* UC-7: not required

### 5.15.6 REQ-DRT-06 (MI-DELE) Secure deletion via secure deletion function

@@ -1755,7 +1747,7 @@ The product shall reset to its secure-by-default state after the secure deletion
|    **REQ-DRT-02 (MI-RSET)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |
|    **REQ-DRT-03 (MI-INST)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |
|    **REQ-DRT-04 (MI-SDRF)** |          |          |    x     |    x     |    x     |    x     |    x     |
|    **REQ-DRT-05 (MI-SDTR)** |          |          |    x     |    x     |    x     |    x     |    x     |
|    **REQ-DRT-05 (MI-SDTR)** |          |    x     |          |    x     |    x     |    x     |          |
|    **REQ-DRT-06 (MI-DELE)** |          |          |    x⁶    |    x⁶    |    x⁶    |    x⁶    |    x⁶    |

⁶ REQ-DRT-02 (MI-RSET) or REQ-DRT-03 (MI-INST) or REQ-DRT-06 (MI-DELE) apply