Commit 9b482cf0 authored by Santeri Toikka's avatar Santeri Toikka
Browse files

Whitespace cleanup

parent 3bd21852

EN-304-622.md

+56 −62
Original line number Diff line number Diff line
@@ -182,7 +182,6 @@ This standard does not cover products in use in contexts other than those identi 


## 2.1 Normative references





> NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity.



The following referenced documents are necessary for the application of the present document.
@@ -198,7 +197,6 @@ References are either specific (identified by date of publication and/or edition 
The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader's understanding but are not required for conformance to the present document.



- <a name="_ref_i.1">[i.1]</a> Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act).



- <a name="_ref_i.1">[i.2]</a> NIST SP 800-128 (2011) Guide for Security-Focused Configuration Management of Information Systems



- <a name="_ref_i.2">[i.x]</a> &lt;Standard Organization acronym> &lt;document number> (&lt;version number>): "&lt;Title>".
@@ -361,6 +359,7 @@ The risk profile is derived from intended and reasonably foreseeable uses of the 
- EXP-3 Device ingestion API available in publicly connectible interface



> <mark>Things to consider</mark>:

>

> 1. Interfaces or sources that are just used

> 1. CM clients that are trusted

> 1. Carbage from authrized sources
@@ -374,6 +373,7 @@ The risk profile is derived from intended and reasonably foreseeable uses of the 
- ADM-2 IT generalist adminsitraor (full or part time)



> <mark>Things to consider</mark>:

>

> 1. How well the admin knows the company?

> 1. Is this a quality thing for the product? If so, should be removed.
@@ -388,7 +388,7 @@ The risk profile is derived from intended and reasonably foreseeable uses of the 
### 4.5.2 Mapping of Use Cases to Risk Factors



| Use case                                     | [ING] | [API] | [ADM] | [ISO] |

| ------------------------------------------ | ----- | ----- | ----- | ----- |

| -------------------------------------------- | ----- | ----- | ----- | ----- |

| [UC-OP-1] On Premises SIEM system            | 0-2   | 0-3   | 2     | 0     |

| [UC-OP-2] On Premises MSSP system            | 0-2   | 3     | 1     | 1     |

| [UC-RS-1] Cloud Based System                 | 0-2   | 3     | 1     | 1     |
@@ -648,6 +648,7 @@ This section can include topic specific requirements. 
### 5.3.3 Mitigations of event collection infrastructure



This section shall have:



- How the SIEM deploys an updated collector or API client software to the managed device?

- How the SIEM shall monitor changes in the connectivity

- How the managed device inventory should be correlated to the existing collection sources
@@ -661,6 +662,7 @@ This section shall have: 
- **[REQ-UPDATES-2]** Use secure channels for update delivery (e.g., TLS).



### 5.3.5 Logging



### 5.3.7 Data minimization



- **[REQ-MON-2]** Metrics name, purpose, and value interpretation are described for the user.
@@ -685,7 +687,6 @@ The high availability requirements are: 
- <mark>How to include protections against DDoS or similar?</mark>

  - Unwanted traffic in the interfaces can cause a denial of service from the managed elements.





# 6 Conformity assesments and tests



> This section should not add requirements that are not already specified in 5. Requirements Specifications.
@@ -703,8 +704,8 @@ The high availability requirements are: 
## 6.1 General requirements assesments



## 6.1.1 Vulnerability handling tests

## 6.2 Technical security requirement tests and assesments



## 6.2 Technical security requirement tests and assesments



## 6.3 Risk mitigations tests
@@ -714,7 +715,6 @@ The high availability requirements are: 


### 6.3.8 High availability tests





# Annex A (informative): Mapping between the present document and CRA requirements



> Table mapping technical security requirements from Section 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.
@@ -777,7 +777,6 @@ The high availability requirements are: 


## C 2.1 Assets





### C 2.1.1 Data assets



- Credentials
@@ -805,7 +804,6 @@ The high availability requirements are: 


<mark>Where does CSXX, working function (val knows)</mark>





## C 2.2 Threats



> Based on the assets, what are the threats during:
@@ -840,7 +838,6 @@ Threat: compromise of SIEM will compromise other systems? 


https://www.skyflow.com/post/how-to-keep-sensitive-data-out-of-your-logs-nine-best-practices





## C 2.3 Estimate Risks (Risk factors)



## C 2.4 Evaluate Risks
@@ -853,8 +850,6 @@ https://www.skyflow.com/post/how-to-keep-sensitive-data-out-of-your-logs-nine-be 


> Describe how to treat any residual risks, for example by documenting them or informing the user.







## C 3 Assumptions



> List assumptions that are relevant to the risk analysis for these threats. Everything is hackable if you try hard enough, but what risks can this product mitigate, and what must it delegate to other components or the operational environment? Some potential examples:
@@ -901,7 +896,6 @@ https://www.skyflow.com/post/how-to-keep-sensitive-data-out-of-your-logs-nine-be 


# Annex D (informative): Risk evaluation guidance





# Annex L (informative): Relationship between the present document and the requirements of EU Regulation 2024/2847



DRAFT ANNEX L - DO NOT CONSIDER THE CONTENT