Commit c47f81e9 authored by Santeri Toikka

Merge branch 'oc5' into 'main'

Editorial changes to catch up with the OC5 import

Closes #31, #228, #221, #219, #218, #216, #207, and #129

See merge request cyber/stan4cr2/en-304-621!54
parents e0ffb5cb 42d808c7
+38 −32
@@ -84,7 +84,7 @@ The implementing regulation [\[i.11\]](#_ref_i.11) (ANNEX I, Class I, 6.) define

This quotation is not to be used as a source of the truth, as the definition might change. Refer to the source for the latest description.

The NMS is defined in the implmeneting regulation [\[i.11\]](#_ref_i.11) in Annex I, Class I (6) and is not restricted to only systems that are IP connected. The scope covers all connected elements in the network, that are somehow managed. This includes, but is not limited to, Mobile Device Management systems and Software Defined Networking.
The NMS is defined in the implmeneting regulation [\[i.11\]](#_ref_i.11) in Annex I, Class I (6) and is not restricted to only systems that are IP connected. The scope covers all connected elements in the network, that are managed. This includes, but is not limited to, Mobile Device Management systems and Software Defined Networking.

Bluetooth consumer devices are usually not managed by an NMS, however, if they are capable, a NMS management could control them too, as Bluetooth is just a communication media and can be used also for management traffic. Such, NMS’s often control more than just network configuration - e.g., MDM systems.

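Review bot: the rewritten line "The NMS is defined in the implmeneting regulation [\[i.11\]](#_ref_i.11) in Annex I, Class I (6) ..." still carries the typo "implmeneting"; since the sentence is already being reworded, correct it to "implementing" in the same change. The comma in "all connected elements in the network, that are managed" should also be dropped, as the relative clause is restrictive (it narrows the scope to managed elements rather than describing all of them).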
@@ -184,35 +184,41 @@ For the purposes of the present document, the following abbreviations apply:

## 4.3 Product overview and architecture

Network management systems are often deployed <mark>in a star pattern, where all command and control functionality is focused on a centralised set of services, that are providing all required functionality</mark>.
Network management systems are commonly deployed using centralized management services that provide command, control, monitoring, and administration functions.

Depending on the connected element design and degree of autonomy, the element can often operate fully without constant connectivity to an NMS. In larger network deployments and without adjustments in routing or other operation parameters, the connectivity to the NMS can erode over time.
Depending on the design and autonomy of the managed elements, some elements may continue limited operation when connectivity to the network management system is unavailable.
In larger deployments, network design and operational parameters can affect the reliability and scalability of connectivity between managed elements and the network management system.

![Figure 4.3-1: Product overview and architecture](./media/2025-07-30_system.drawio.png)

**Figure 4.3-1: Product overview and architecture**

Network management systems are operated by users or by programs that interface with an API. These programs can be internal or external to the system.
Network management systems are operated by users or by programs that interface with an API. These programs can be internal or external to the system depending on the product design and deployment context.

The system is often accessed with a browser <mark>using an identity outside of the installation context</mark>.
The system is often accessed with a browser using an identity outside of the installation context.
Identity Provider (IdP) can be used as base for the users identity.
In an enterprise setting, or equivalent, the high number of users and the volume of role changes has lead to adoption of dedicated identity management platforms.

Typically, the system runs on hardware with an OS and networking interfaces.
The system typically runs on hardware and software components that provide the necessary operating environment and network connectivity.
The Operating System can be part of the deliverable and hense, part of the product.
The OS best practices and requirements are defined outside of this document.

NMS’ can interface with PKI and SIEM systems if it is justified by the requirements in the deployment context, though cybersecurity requirements of these systems, even if integrated into the NMS product, are not addressed by this standard.
Where relevant to the deployment context, the NMS may interface with external services such as identity, cryptographic, logging, or event management systems, though cybersecurity requirements of these systems, even if integrated into the NMS product, are not addressed by this standard.

The main functionality of an NMS is to interface and interact with routers, modems and switches.
The primary function of an NMS is to monitor, configure, administer, or otherwise manage connected network elements.

More about assets in [Annex C.1 Assets](#c1-assets) and [Annex C.2 Data](#c11-data).

## 4.4 Use cases

This list of use cases is an informative resource for manufacturers to simplify the selection of a set of cybersecurity requirements. Each use case is mapped to a security profile, which is a collection of risks and the cybersecurity requirements necessary to mitigate them.
This list of use cases is a resource for manufacturers to simplify the selection of a set of cybersecurity requirements.

Manufacturer's technical documentation may benefit fromn including or refering to these use cases and to security profiles.
Manufacturer's technical documentation may benefit from including or refering to these use cases and to security profiles.

An NMS is a product controlling at least partially connected devices with network access. Despite its central positioning, an NMS can be an aggregate of several components, including but not limited to: end-to-end management systems, dedicated configuration management systems, or controllers for software-defined networking as described in chapter 1.2.

An aggregated NMS can implement additional components for functions that are outside the scope of the present standards. One example of this type of aggregate product design would an implementation where the operating system acts as abstraction layer for the system(s) that host the NMS, or special networking interfaces.
NMS can be composed of several components or can implement additional functions that are outside the scope of the present standards.
One example of this type of aggregate product design would an implementation where the operating system acts as abstraction layer for the system(s) that host the NMS, or the networking interfaces.

### 4.4.1 Distributed deployment

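Review bot: the rewritten use-cases sentence ("This list of use cases is a resource for manufacturers to simplify the selection of a set of cybersecurity requirements.") drops the only definition of a security profile, yet the next paragraph still tells manufacturers to refer to "security profiles"; either keep the clause "which is a collection of risks and the cybersecurity requirements necessary to mitigate them" or point to the clause where profiles are defined. Smaller points in the same hunk: "refering" in the new "Manufacturer's technical documentation may benefit from including or refering to ..." line should be "referring"; "would an implementation" in "One example of this type of aggregate product design would an implementation where the operating system acts as abstraction layer ..." is missing "be"; "has lead to adoption" should be "has led to adoption" and "hense" should be "hence"; and the link text "Annex C.2 Data" points at "#c11-data", which does not match the C.2 label and should be checked against the actual anchor.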