@@ -163,6 +163,7 @@ For the purposes of the present document, the following terms apply:
For the purposes of the present document, the following abbreviations apply:
For the purposes of the present document, the following abbreviations apply:
`APAC Attribute-Based Access Control`
`CRA Cyber Resilience Act`
`CRA Cyber Resilience Act`
`OS Operating System`
`OS Operating System`
`IDP Identity Provider`
`IDP Identity Provider`
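Review bot: The added abbreviation entry `APAC Attribute-Based Access Control` does not match its own expansion: the initials of Attribute-Based Access Control spell ABAC, which is also the customary abbreviation for that model. Suggest changing the entry to `ABAC Attribute-Based Access Control`. Since REQ-AUTH-6 uses this abbreviation next to RBAC, it is also worth confirming that RBAC has an entry in this list; the visible context lines do not show one.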
@@ -836,7 +837,7 @@ In addition, the managed device can have a configuration port, management API, f
-**[REQ-AUTH-3]:** When a user or system identity has been authenticated, the product shall apply authorization controls based on assigned roles or equivalent access-control attributes.
-**[REQ-AUTH-3]:** When a user or system identity has been authenticated, the product shall apply authorization controls based on assigned roles or equivalent access-control attributes.
-**[REQ-AUTH-4]:** The authorization model shall enforce separation of privileges appropriate to the intended and reasonably foreseeable use of the product.
-**[REQ-AUTH-4]:** The authorization model shall enforce separation of privileges appropriate to the intended and reasonably foreseeable use of the product.
-**[REQ-AUTH-5]:** The technical documentation shall describe the authorization model implemented by the product.
-**[REQ-AUTH-5]:** The technical documentation shall describe the authorization model implemented by the product.
-**[REQ-AUTH-6]:** The product shall implement and document authorization controls, like RBAC, suitable for privileged interfaces and sensitive operations.
-**[REQ-AUTH-6]:** The product shall implement and document authorization controls, like RBAC or APAC, suitable for privileged interfaces and sensitive operations.
-**[REQ-AUTH-7]:** All access to administrative interfaces, control functions, and sensitive operations shall be subject to strong authentication of users, services, or integrated components.
-**[REQ-AUTH-7]:** All access to administrative interfaces, control functions, and sensitive operations shall be subject to strong authentication of users, services, or integrated components.
-**[REQ-AUTH-8]:** Privileged interfaces shall be protected with [5.2.4 State-of-the-art cryptographic libraries].
-**[REQ-AUTH-8]:** Privileged interfaces shall be protected with [5.2.4 State-of-the-art cryptographic libraries].
-**[REQ-AUTH-9]:** The product shall report all relevant events related to authorisation including, but not limited to, successful and unsuccessful use of identity, object access, policy change, privileged function use, data access and deletions, data changes and permission changes.
-**[REQ-AUTH-9]:** The product shall report all relevant events related to authorisation including, but not limited to, successful and unsuccessful use of identity, object access, policy change, privileged function use, data access and deletions, data changes and permission changes.
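Review bot: In the changed REQ-AUTH-6 line, "like RBAC or APAC" carries the same abbreviation problem as the new list entry: attribute-based access control is ABAC, so the requirement should read "RBAC or ABAC". Because this is a "shall" requirement, the phrase "like RBAC or APAC" also leaves it unclear whether the two models are examples or the set of acceptable options. Wording such as "authorization controls, such as RBAC or ABAC," would make them clearly illustrative and stay consistent with REQ-AUTH-3, which already allows "assigned roles or equivalent access-control attributes".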