Commit 04b954f2 authored by Santeri Toikka

Cleaned outdated chapters and added protection requirements for data in transit and rest

Closes #145
parent fe7b809c
+2 −5
@@ -352,14 +352,11 @@ See [5.2.6 Role based authorisation](#526-role-based-authorisation)

* **[REQ-INGEST-0]** The product shall protect the system against data poisoning or other adversial attacks.
* **[REQ-INGEST-1]** The collected network element monitoring data shall be verifiable.
* **[REQ-INGEST-2]** The product shall protect data at rest.
* **[REQ-INGEST-3]** The product shall protect data in transit.

Every time a data is transported through an undefined connection, the product needs to be certain, that integrity and confidentiality of the data is not compromised.

Confidentiality can be achieved different ways in different scenarios.
Reflecting to [List of Risk Factors](#451-list-of-risk-factors) defined in this document, the following requirements shall be implemented.

Note that in a closed system, where the confidentiality doesn't require transport encryption, the data integrity does require at least signing of the data set with cryptographically good enough keying.

### 5.3.3 Mitigations for managed device configuration integrity and confidentiality

Push style configuration updates:
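
Review bot: REQ-INGEST-2 and REQ-INGEST-3 ("shall protect data at rest" / "shall protect data in transit") do not say which property is protected or to what minimum, so they cannot be verified as written. The prose in the same hunk already separates integrity from confidentiality and notes that a closed system may not need transport encryption but still needs the data set signed; suggest carrying that distinction into the requirements, for example one requirement per property for each of transit and rest, and replacing "cryptographically good enough keying" with a reference to a named algorithm and key-length policy. If the sentence "the following requirements shall be implemented" remains after this change, nothing follows it before the 5.3.3 heading, so either list the requirements there or drop the sentence. Also, "adversial" in REQ-INGEST-0 should read "adversarial", and "undefined connection" needs a definition or a pointer to where it is defined.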