Commit 6e28eb0e authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Updated ingestion requirements

Closes #177, #337, #338, #389, #443
parent b7b649fc
Loading
Loading
Loading
Loading
+2 −5
Original line number Diff line number Diff line
@@ -386,8 +386,6 @@ How the retake of the authority is implemented is between the product and the de

### 5.2.7 Remote Data Processing Systems

<mark>AMS: August and Daniel are working on this. Skip for now.</mark>

## 5.3 Risk Mitigations

The following sections describe how technical cybersecurity requirement in previous [Section 5.2](#52-technical-cybersecurity-requirements-specifications) are mapped to the risk factors in [Section 4.5 Risk Factors](#45-risk-factors).
@@ -399,12 +397,11 @@ See [5.2.6 Role based authorisation](#526-role-based-authorisation)

### 5.3.2 Mitigations for ingested data integrity and confidentiality

* **[REQ-INGEST-0]** The product shall protect the system against data poisoning or other adversial attacks.
* **[REQ-INGEST-1]** The collected network element monitoring data shall be verifiable.
* **[REQ-INGEST-1]** The collected network element monitoring data shall be integrity and confidentiality protected.
* **[REQ-INGEST-2]** The product shall protect data at rest.
* **[REQ-INGEST-3]** The product shall protect data in transit.
* **[REQ-INGEST-4]** When data relevant to monitoring, control, or security functions is transferred over connections not controlled by the product, the product shall provide measures appropriate to the intended and reasonably foreseeable use to protect the integrity and, where required, the confidentiality of that data.

Every time a data is transported through an undefined connection, the product needs to be certain, that integrity and confidentiality of the data is not compromised.

### 5.3.3 Mitigations for managed device configuration integrity and confidentiality