Commit 6e1d0825 authored by Santeri Toikka

Added requirement ID for a shall

Closes #104 HAS43
parent 3ec72d80
+5 −3
@@ -178,7 +178,8 @@ NMS authorises the query based on the role and identity of the device.

### 5.2.3 Network segmentation

Network segmentation is encouraged to be used where applicable. The best practise is to use dedicated network segment for network management traffic.
Network segmentation is encouraged to be used where applicable.
The best practise is to use dedicated network segment for network management traffic.
Management traffic can be configuration updates, encryption keys, software updates, and others alike.

ZeroTrust routing is also encouraged where applicable.
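Review bot: The reflow of the first 5.2.3 paragraph to one sentence per line is a formatting-only change that the commit message ("Added requirement ID for a shall") does not cover; mention it in the message or move it to its own commit so the requirement change is easy to audit. Since the sentence is being touched anyway, "to use dedicated network segment" is missing an article ("a dedicated network segment"). The section still only "encourages" segmentation and ZeroTrust routing and carries no requirement ID, so confirm that these are meant to remain recommendations rather than requirements.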
@@ -187,10 +188,11 @@ ZeroTrust routing is also encouraged where applicable.

### 5.2.4 State-of-the-art cryptographic libraries

Cryptographic libraries, primitivies and constructions shall follow ENISA's Agreed Cryptographic Mechanisms[\[1\]](#_ref_1).
* **[REQ-CRYPTO-8]** Cryptographic libraries, primitivies and constructions shall follow ENISA's Agreed Cryptographic Mechanisms[\[1\]](#_ref_1).

Any designs that are not fit for use-case may only be enabled after the user has been sufficiently informed of the security consequences in a manner that takes the use-case into account.

* **[REQ-CRYPTO-8]** The product shall enable by default only the recommended designs that are fit for use-case.
* **[REQ-CRYPTO-9]** The product shall enable by default only the recommended designs that are fit for use-case.

As an example, when using TLS to protect the transport, only TLS v1.3 shall be used with one of the three cipher suites: TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256 or TLS_AES_128_CCM_SHA256.
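Review bot: Reusing [REQ-CRYPTO-8] for the ENISA sentence and renumbering the existing default-designs requirement to [REQ-CRYPTO-9] changes the meaning of an ID that was already in use, so anything that refers to REQ-CRYPTO-8 (test cases, traceability tables, other documents) will now point at a different requirement without any visible error. Prefer assigning the new requirement the next unused ID and leaving the existing one unchanged, or confirm in the merge request that nothing references the old number. The new bullet also carries over the typo "primitivies", and the TLS v1.3 sentence in the trailing context is another "shall" that still has no requirement ID.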