Downsized the table (7cba4513) · Commits · STAN4CRA / EN 304 621 Network Management Systems

EN-304-621_revised_structure.md

+17 −68

Original line number	Diff line number	Diff line
		@@ -1187,74 +1187,23 @@ Once the present document is cited in the Official Journal of the European Union

		Table A.1: Relationship between the present document and<br />the requirements of Regulation (EU) 2024/2847 - the Cyber Resilience Act<a name="table_A.1"></a>

		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Description \| Requirements of Regulation \| Clause(s) of the present document \| U/C \| Condition \|
		+:========================+:=================================================================================+:==================================+:====+:======================================================================+
		\| Annex I, Part 1, (1) \| "Products with digital elements shall be designed, developed and produced in \| Clause 5 \| C \| See mapping table on the applicability of the technical cybersecurity \|
		\| \| such a way that they ensure an appropriate\ \| \| \| requirements in clause 5.1 \|
		\| \| level of cybersecurity based on the risks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(a) \| "Products with digital elements shall be made available on the market without \| Clause 5.2 \| U/C \| \|
		\| \| known exploitable vulnerabilities." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(b) \| "Products with digital elements shall be made available on the market with a \| Clause 5.3 \| U/C \| \|
		\| \| secure by default configuration, unless otherwise agreed between manufacturer \| \| \| \|
		\| \| and business user in relation to a tailor-made product with digital elements, \| \| \| \|
		\| \| including the possibility to reset the product to its original state." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(c) \| "Products with digital elements shall ensure that vulnerabilities can be \| Clause 5.4 \| U/C \| \|
		\| \| addressed through security updates, including, where applicable, through \| \| \| \|
		\| \| automatic security updates that are installed within an appropriate timeframe \| \| \| \|
		\| \| enabled as a default setting, with a clear and easy-to-use opt-out mechanism, \| \| \| \|
		\| \| through the notification of available updates to users, and the option to \| \| \| \|
		\| \| temporarily postpone them" \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(d) \| "Products with digital elements shall ensure protection from unauthorised access \| Clause 5.5 \| U/C \| \|
		\| \| by appropriate control mechanisms, including but not limited to authentication, \| \| \| \|
		\| \| identity or access management systems, and report on possible unauthorised \| \| \| \|
		\| \| access" \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(e) \| "Products with digital elements shall protect the confidentiality of stored, \| Clause 5.6 \| U/C \| \|
		\| \| transmitted or otherwise processed data, personal or other, such as by \| \| \| \|
		\| \| encrypting relevant data at rest or in transit by best practice mechanisms, and \| \| \| \|
		\| \| by using other technical means." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(f) \| "Products with digital elements shall protect the integrity of stored, \| Clause 5.7 \| U/C \| \|
		\| \| transmitted or otherwise processed data, personal or other, commands, programs \| \| \| \|
		\| \| and configuration against any manipulation or modification not authorised by the \| \| \| \|
		\| \| user, and report on corruptions." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(g) \| "Products with digital elements shall process only data, personal or other, that \| Clause 5.8 \| U/C \| \|
		\| \| are adequate, relevant and limited to what is necessary in relation to the \| \| \| \|
		\| \| intended purpose of the product with digital elements (data minimisation)." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(h) \| "Products with digital elements shall protect the availability of essential and \| Clause 5.9 \| U/C \| \|
		\| \| basic functions, also after an incident, including through resilience and \| \| \| \|
		\| \| mitigation measures against denial-of-service attacks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(i) \| "Products with digital elements shall minimise the negative impact by the \| Clause 5.10 \| U/C \| \|
		\| \| products themselves or connected products on the availability of services \| \| \| \|
		\| \| provided by other products or networks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(j) \| "Products with digital elements shall be designed, developed and produced to \| Clause 5.11 \| U/C \| \|
		\| \| limit attack surfaces, including external interfaces." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(k) \| "Products with digital elements shall be designed, developed and produced to \| Clause 5.12 \| U/C \| \|
		\| \| reduce the impact of an incident using appropriate exploitation mitigation \| \| \| \|
		\| \| mechanisms and techniques." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(l) \| "Products with digital elements shall provide security related information by \| Clause 5.13 \| U/C \| \|
		\| \| recording and monitoring relevant internal activity, including the access to or \| \| \| \|
		\| \| modification of data, services or functions, with an opt-out mechanism for the \| \| \| \|
		\| \| user." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(m) \| "Products with digital elements shall provide the possibility for users to \| Clause 5.14 \| U/C \| \|
		\| \| securely and easily remove on a permanent basis all data and settings and, where \| \| \| \|
		\| \| such data can be transferred to other products or systems, ensure that this is \| \| \| \|
		\| \| done in a secure manner." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 2 \| \| Clause 5.15 \| U \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Description \| Clause(s) of the present document \| U/C \|
		\| ----------------------- \| --------------------------------- \| --- \|
		\| Annex I, Part 1, (1) \| Clause 5 \| C \|
		\| Annex I, Part 1, (2)(a) \| Clause 5.2 \| U/C \|
		\| Annex I, Part 1, (2)(b) \| Clause 5.3 \| U/C \|
		\| Annex I, Part 1, (2)(c) \| Clause 5.4 \| U/C \|
		\| Annex I, Part 1, (2)(d) \| Clause 5.5 \| U/C \|
		\| Annex I, Part 1, (2)(e) \| Clause 5.6 \| U/C \|
		\| Annex I, Part 1, (2)(f) \| Clause 5.7 \| U/C \|
		\| Annex I, Part 1, (2)(g) \| Clause 5.8 \| U/C \|
		\| Annex I, Part 1, (2)(h) \| Clause 5.9 \| U/C \|
		\| Annex I, Part 1, (2)(i) \| Clause 5.10 \| U/C \|
		\| Annex I, Part 1, (2)(j) \| Clause 5.11 \| U/C \|
		\| Annex I, Part 1, (2)(k) \| Clause 5.12 \| U/C \|
		\| Annex I, Part 1, (2)(l) \| Clause 5.13 \| U/C \|
		\| Annex I, Part 1, (2)(m) \| Clause 5.14 \| U/C \|
		\| Annex I, Part 2 \| Clause 5.15 \| U \|

		> NOTE 1: The table cannot indicate direct relationship between the relevant legal requirement and _other_ standards or normative clauses contained in _other_ standards.

Original line number	Diff line number	Diff line
		@@ -1187,74 +1187,23 @@ Once the present document is cited in the Official Journal of the European Union

		Table A.1: Relationship between the present document and<br />the requirements of Regulation (EU) 2024/2847 - the Cyber Resilience Act<a name="table_A.1"></a>

		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Description \| Requirements of Regulation \| Clause(s) of the present document \| U/C \| Condition \|
		+:========================+:=================================================================================+:==================================+:====+:======================================================================+
		\| Annex I, Part 1, (1) \| "Products with digital elements shall be designed, developed and produced in \| Clause 5 \| C \| See mapping table on the applicability of the technical cybersecurity \|
		\| \| such a way that they ensure an appropriate\ \| \| \| requirements in clause 5.1 \|
		\| \| level of cybersecurity based on the risks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(a) \| "Products with digital elements shall be made available on the market without \| Clause 5.2 \| U/C \| \|
		\| \| known exploitable vulnerabilities." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(b) \| "Products with digital elements shall be made available on the market with a \| Clause 5.3 \| U/C \| \|
		\| \| secure by default configuration, unless otherwise agreed between manufacturer \| \| \| \|
		\| \| and business user in relation to a tailor-made product with digital elements, \| \| \| \|
		\| \| including the possibility to reset the product to its original state." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(c) \| "Products with digital elements shall ensure that vulnerabilities can be \| Clause 5.4 \| U/C \| \|
		\| \| addressed through security updates, including, where applicable, through \| \| \| \|
		\| \| automatic security updates that are installed within an appropriate timeframe \| \| \| \|
		\| \| enabled as a default setting, with a clear and easy-to-use opt-out mechanism, \| \| \| \|
		\| \| through the notification of available updates to users, and the option to \| \| \| \|
		\| \| temporarily postpone them" \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(d) \| "Products with digital elements shall ensure protection from unauthorised access \| Clause 5.5 \| U/C \| \|
		\| \| by appropriate control mechanisms, including but not limited to authentication, \| \| \| \|
		\| \| identity or access management systems, and report on possible unauthorised \| \| \| \|
		\| \| access" \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(e) \| "Products with digital elements shall protect the confidentiality of stored, \| Clause 5.6 \| U/C \| \|
		\| \| transmitted or otherwise processed data, personal or other, such as by \| \| \| \|
		\| \| encrypting relevant data at rest or in transit by best practice mechanisms, and \| \| \| \|
		\| \| by using other technical means." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(f) \| "Products with digital elements shall protect the integrity of stored, \| Clause 5.7 \| U/C \| \|
		\| \| transmitted or otherwise processed data, personal or other, commands, programs \| \| \| \|
		\| \| and configuration against any manipulation or modification not authorised by the \| \| \| \|
		\| \| user, and report on corruptions." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(g) \| "Products with digital elements shall process only data, personal or other, that \| Clause 5.8 \| U/C \| \|
		\| \| are adequate, relevant and limited to what is necessary in relation to the \| \| \| \|
		\| \| intended purpose of the product with digital elements (data minimisation)." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(h) \| "Products with digital elements shall protect the availability of essential and \| Clause 5.9 \| U/C \| \|
		\| \| basic functions, also after an incident, including through resilience and \| \| \| \|
		\| \| mitigation measures against denial-of-service attacks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(i) \| "Products with digital elements shall minimise the negative impact by the \| Clause 5.10 \| U/C \| \|
		\| \| products themselves or connected products on the availability of services \| \| \| \|
		\| \| provided by other products or networks." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(j) \| "Products with digital elements shall be designed, developed and produced to \| Clause 5.11 \| U/C \| \|
		\| \| limit attack surfaces, including external interfaces." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(k) \| "Products with digital elements shall be designed, developed and produced to \| Clause 5.12 \| U/C \| \|
		\| \| reduce the impact of an incident using appropriate exploitation mitigation \| \| \| \|
		\| \| mechanisms and techniques." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(l) \| "Products with digital elements shall provide security related information by \| Clause 5.13 \| U/C \| \|
		\| \| recording and monitoring relevant internal activity, including the access to or \| \| \| \|
		\| \| modification of data, services or functions, with an opt-out mechanism for the \| \| \| \|
		\| \| user." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 1, (2)(m) \| "Products with digital elements shall provide the possibility for users to \| Clause 5.14 \| U/C \| \|
		\| \| securely and easily remove on a permanent basis all data and settings and, where \| \| \| \|
		\| \| such data can be transferred to other products or systems, ensure that this is \| \| \| \|
		\| \| done in a secure manner." \| \| \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Annex I, Part 2 \| \| Clause 5.15 \| U \| \|
		+-------------------------+----------------------------------------------------------------------------------+-----------------------------------+-----+-----------------------------------------------------------------------+
		\| Description \| Clause(s) of the present document \| U/C \|
		\| ----------------------- \| --------------------------------- \| --- \|
		\| Annex I, Part 1, (1) \| Clause 5 \| C \|
		\| Annex I, Part 1, (2)(a) \| Clause 5.2 \| U/C \|
		\| Annex I, Part 1, (2)(b) \| Clause 5.3 \| U/C \|
		\| Annex I, Part 1, (2)(c) \| Clause 5.4 \| U/C \|
		\| Annex I, Part 1, (2)(d) \| Clause 5.5 \| U/C \|
		\| Annex I, Part 1, (2)(e) \| Clause 5.6 \| U/C \|
		\| Annex I, Part 1, (2)(f) \| Clause 5.7 \| U/C \|
		\| Annex I, Part 1, (2)(g) \| Clause 5.8 \| U/C \|
		\| Annex I, Part 1, (2)(h) \| Clause 5.9 \| U/C \|
		\| Annex I, Part 1, (2)(i) \| Clause 5.10 \| U/C \|
		\| Annex I, Part 1, (2)(j) \| Clause 5.11 \| U/C \|
		\| Annex I, Part 1, (2)(k) \| Clause 5.12 \| U/C \|
		\| Annex I, Part 1, (2)(l) \| Clause 5.13 \| U/C \|
		\| Annex I, Part 1, (2)(m) \| Clause 5.14 \| U/C \|
		\| Annex I, Part 2 \| Clause 5.15 \| U \|

		> NOTE 1: The table cannot indicate direct relationship between the relevant legal requirement and _other_ standards or normative clauses contained in _other_ standards.