EN-304-621.md +7 −2 Original line number Original line Diff line number Diff line Loading @@ -849,10 +849,15 @@ The operative context is described in more datail in the section [4.8 Operationa #### Machine users #### Machine users Credential rotation addressed by [REQ-AUTH-11], is one of the key elements, that enable organisation to build resilience in a compromised network. The rotation can replace keys or tokens to limit exposure from compromised credentials. It can built on top of existing authority structures, or it can re-run some parts of the device initialisation procedures. How the retake of the authority is implemented is between the product and the device. - **[REQ-AUTH-10]:** The product shall not implement a design where default machine user credentials are used. - **[REQ-AUTH-10]:** The product shall not implement a design where default machine user credentials are used. - **[REQ-AUTH-11]:** The product shall support machine credential rotation or comparable structure. - **[REQ-AUTH-11]:** The product shall support machine credential rotation or comparable structure. - **[REQ-AUTH-12]:** The product shall implement passwordless authentication for machine users such as certificates or tokens. - **[REQ-AUTH-12]:** The product shall provide passwordless authentication for machine users such as certificates or tokens. - **[REQ-AUTH-13]:** The served API desing shall support minimal access grants for the machine user. - **[REQ-AUTH-13]:** The privileged interfaces like APIs shall support minimal access grants for the machine user. ### 5.2.7 Remote Data Processing Systems ### 5.2.7 Remote Data Processing Systems Loading
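Review bot: In the added "Machine users" paragraph, the rationale says rotation "can replace keys or tokens to limit exposure from compromised credentials", but REQ-AUTH-11 is left as "shall support machine credential rotation or comparable structure", which neither requires the replaced credential to stop being accepted nor says what counts as a comparable structure. Consider stating in REQ-AUTH-11 that the previous credential is invalidated once rotation completes, and either define "comparable structure" or drop it, so the requirement is testable. In the same paragraph, "It can built" should read "It can be built", and "How the retake of the authority is implemented is between the product and the device" leaves "retake of the authority" and the product/device split unexplained, since neither is introduced in the visible text. In the reworded REQ-AUTH-13, "privileged interfaces like APIs" is open-ended for a "shall"; naming the interfaces in scope would make it verifiable.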