Commit 164c1227 authored by Sammy Haddad

Update file EN-304-624.md

parent c8e44731
+17 −36
@@ -1957,42 +1957,23 @@ b) verify the OCSP response to match the constraints of the OCSP response profil
|(7)|	Secure update delivery mechanisms				
|(8)|	Updates shall be timely, free of charge, and include user guidance

No | Description | Clause(s) of the present document | U/C | Condition
(1)
Design, development, and production must ensure appropriate cybersecurity based on risks
(2)(a)
No known exploitable vulnerabilities at market release
(2)(b)
Secure-by-default configuration
(2)(c)
Vulnerabilities can be addressed via security updates, default to automatic, with opt-out and postponement
(2)(d)
Protection from unauthorised access via authentication and access control
(2)(e)
Confidentiality of data in storage or transit (e.g., encryption)
Clause(s): REQ-5.2-01, REQ-5.2-02
(2)(f)
Integrity of data, commands, programs, configuration; detect/report manipulation
Clause(s): REQ-5.2-03, REQ-5.3-01, REQ-5.3-02, REQ-5.3-04, REQ-5.3-05, REQ-5.3-06
(2)(g)
Data minimisation — only adequate and necessary data shall be processed
Clause(s): REQ-5.3-01, REQ-5.3-02, REQ-5.3-03, REQ-5.3-04, REQ-5.4-01, REQ-5.4-02
(2)(h)
Ensure availability of essential functions including resilience and DoS protection
Clause(s): REQ-5.1-04, REQ-5.1-05, REQ-5.1-06
(2)(i)
Avoid degradation of other systems’ availability (non-interference)
(2)(j)
Limit attack surfaces including external interfaces
Clause(s): REQ-5.3-07, REQ-5.3-08, REQ-5.4-01, REQ-5.4-02
(2)(k)
Include appropriate exploitation mitigation techniques
Clause(s): REQ-5.1-07, REQ-5.2-03, REQ-5.2-04, REQ-5.2-05, REQ-5.4-01
(2)(l)
Logging and internal monitoring of data/function access, with opt-out
Clause(s): REQ-5.1-01, REQ-5.1-02, REQ-5.1-03, REQ-5.1-04, REQ-5.1-05, REQ-5.1-06, REQ-5.1-07, REQ-5.1-08
(2)(m)
Allow users to permanently remove data and settings securely
| No      | Description                                                                                     | Clause(s) of the present document                     | U/C | Condition                                      |
|---------|-------------------------------------------------------------------------------------------------|-------------------------------------------------------|-----|------------------------------------------------|
| (1)     | Design, development, and production must ensure appropriate cybersecurity based on risks         |                                                       |     |                                                |
| (2)(a)  | No known exploitable vulnerabilities at market release                                          |                                                       |     |                                                |
| (2)(b)  | Secure-by-default configuration                                                                  |                                                       |     |                                                |
| (2)(c)  | Vulnerabilities can be addressed via security updates, default to automatic, with opt-out and postponement |                                                       |     |                                                |
| (2)(d)  | Protection from unauthorised access via authentication and access control                       |                                                       |     |                                                |
| (2)(e)  | Confidentiality of data in storage or transit (e.g., encryption)                                | REQ-5.2-01, REQ-5.2-02                               |     |                                                |
| (2)(f)  | Integrity of data, commands, programs, configuration; detect/report manipulation                | REQ-5.2-03, REQ-5.3-01, REQ-5.3-02, REQ-5.3-04, REQ-5.3-05, REQ-5.3-06 |     |                                                |
| (2)(g)  | Data minimisation — only adequate and necessary data shall be processed                          | REQ-5.3-01, REQ-5.3-02, REQ-5.3-03, REQ-5.3-04, REQ-5.4-01, REQ-5.4-02 |     |                                                |
| (2)(h)  | Ensure availability of essential functions including resilience and DoS protection               | REQ-5.1-04, REQ-5.1-05, REQ-5.1-06                   |     |                                                |
| (2)(i)  | Avoid degradation of other systems’ availability (non-interference)                             |                                                       |     |                                                |
| (2)(j)  | Limit attack surfaces including external interfaces                                             | REQ-5.3-07, REQ-5.3-08, REQ-5.4-01, REQ-5.4-02       |     |                                                |
| (2)(k)  | Include appropriate exploitation mitigation techniques                                           | REQ-5.1-07, REQ-5.2-03, REQ-5.2-04, REQ-5.2-05, REQ-5.4-01 |     |                                                |
| (2)(l)  | Logging and internal monitoring of data/function access, with opt-out                          | REQ-5.1-01, REQ-5.1-02, REQ-5.1-03, REQ-5.1-04, REQ-5.1-05, REQ-5.1-06, REQ-5.1-07, REQ-5.1-08 |     |                                                |
| (2)(m)  | Allow users to permanently remove data and settings securely                                    |                                                       |     |                                                |



Key to columns:
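
Review bot: In the new pipe table the "U/C" and "Condition" cells are empty in every row, and the "Clause(s) of the present document" cell is blank for rows (1), (2)(a) to (2)(d), (2)(i) and (2)(m), so a reader cannot tell "no clause of this document covers the requirement" from "mapping not filled in yet". Because "Key to columns:" follows directly and presumably explains U/C and Condition, either fill those cells or put an explicit marker in them (for example "none" or "n/a") and say in the key what an empty cell means. This matters most for (2)(c) on security updates and (2)(d) on authentication and access control, which currently map to no REQ at all even though the context rows above the table, (7) and (8), deal with update delivery. Two smaller points: the rows are padded with long runs of spaces to align the pipes, which will make every later clause edit touch the whole line in a diff, so single-space padding would be easier to maintain; and the extra blank lines between the table and "Key to columns:" can be reduced to one.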