Commit 35f92319 authored by Santeri Toikka

Added section about machine users

Closes #4
parent 86131b5c
+8 −0
@@ -840,6 +840,14 @@ In addition, the managed device can have a configuration port, management API, f
- **[REQ-AUTH-7]:** Privileged interfaces shall be protected with [5.2.4 State-of-the-art cryptographic libraries].
- **[REQ-AUTH-8]:** Audit events shall include the source of the identity if multiple sources are used.

#### Machine users

- **[REQ-AUTH-9]:** The product shall not implement a design where default machine user credentials are used.
- **[REQ-AUTH-10]:** The product shall support machine credential rotation.
- **[REQ-AUTH-11]:** The product shall implement passwordless authentication for machine users such as certificates or tokens.
- **[REQ-AUTH-12]:** The served API desing shall support minimal access grants for the machine user if applicable.


<mark>TODO: define usage of machine credentials better, consider the cli over ssh controlled scenario</mark>

### 5.2.7 Remote Data Processing Systems
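Review bot: In REQ-AUTH-12, "desing" should read "design", and the trailing "if applicable" leaves the requirement without a testable condition; either state when minimal access grants are expected or drop the qualifier. REQ-AUTH-11 lists "certificates or tokens" as passwordless, but a long-lived static token is a shared secret much like a password, so the requirement should say what makes a token acceptable (for example short-lived, scoped, and issued rather than preconfigured). REQ-AUTH-10 asks for rotation support without saying whether rotation has to work without service interruption or be automatable, which is what an assessor would need to verify it. The hunk also adds two consecutive blank lines after REQ-AUTH-12 where a single blank line separates blocks elsewhere in the visible context.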