@@ -298,13 +298,11 @@ More about assets in [Annex C.1 Assets](#c1-assets) and [Annex C.2 Data](#c11-da
This list of use cases is an informative resource for manufacturers to simplify the selection of a set of cybersecurity requirements. Each use case is mapped to a security profile, which is a collection of risks and the cybersecurity requirements necessary to mitigate them.
Manufacturer shall declare in the technical documentation the security profile for which their products are intended to be evaluated.
Manufacturer's technical documentation may benefit fromn including or refering to these use cases and to security profiles.
An NMS is a product controlling at least partially connected devices with network access. Despite its central positioning, an NMS can be aggregated out of several components, including but not to limited end-to-end management systems, dedicated configuration management systems, or controllers for software-defined networking as described in chapter 1.2.
An aggregated NMS implements further essential components for operation that are out of scope of the present standards. Those can be, as inconclusive examples, an OS that acts as abstraction layer for the system(s) that host the NMS, or further special networking interfaces.
Manufacturers shall be responsible for implementing all cybersecurity measures, regardless of the subcomponents in use.
An aggregated NMS implements further components for operation that are out of scope of the present standards. One example of this type of aggregate product design would an implementation where the operating system acts as abstraction layer for the system(s) that host the NMS, or special networking interfaces.
