Commit 80dca7f7 authored by Sammy Haddad

Annex A and typos

parent 164c1227
+42 −39
@@ -171,11 +171,12 @@ Referenced documents which are not found to be publicly available in the expecte
  - NOTE:	While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long-term validity.
The following referenced documents are necessary for the application of the present document.

- <span id="_ref_1"></span><a name="_ref_1">[1]</a> ITU-T X.509 (10/2019): \"Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks\"
- <span id="_ref_1"></span><a name="_ref_1">[1]</a> \"ITU-T X.509\" \"(10/2019)\": \"Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks\"
  - NOTE:	Identical text in the defining of public-key and attribute certificates is also available in ISO/IEC 9594‑8 (paywall).
Editor's   - NOTE: the normal convention appears to be to refer to X.509 (as the original source) but in some cases references are cited as ITU‑T X.509/ISO‑IEC 9594‑8. 

- <span id="_ref_2"></span><a name="_ref_2">[2]</a> \"Standard Organization acronym\" \"document number\" (\"version number\"): \"Title\".
- <span id="_ref_2"></span><a name="_ref_2">[2]</a> \"CEN\" \"prEN XXX\":\"  Cybersecurity requirements for products with digital elements – Vulnerability Handling\"


## 2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or nonspecific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.
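Review bot: the two new reference entries keep the quotation marks of the reference template around each filled-in field (`\"ITU-T X.509\" \"(10/2019)\": \"Information technology ...` and `\"CEN\" \"prEN XXX\":\"  Cybersecurity requirements ...`), so the rendered entries will show stray quotes and a doubled space; the template line `"Standard Organization acronym" "document number" ("version number"): "Title"` was meant to be replaced by plain text, not reproduced with its quotes. Entry [2] also still carries the placeholder document number `prEN XXX` and has no version or date, so as a normative reference it cannot yet be resolved to a specific document. Minor: the editor's note now reads `Editor's   - NOTE: ...` with the `Editor's` prefix sitting outside the list item; suggest folding it into the item, e.g. `  - EDITOR'S NOTE: the normal convention ...`, so it stays inside the NOTE list.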
@@ -458,7 +459,7 @@ Table 5.1 provides a list of system administration assets for the PKI product.

##### 4.7.1.1.2 Registration service

Table 5.2 provides a list of assets for a PKI product that supports registration services.
Table 4.7.1.1.2-1 provides a list of assets for a PKI product that supports registration services.

<div align="center">

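Review bot: the renumbering to `Table 4.7.1.1.2-1` is applied to the reference sentence, but the hunk context line (`Table 5.1 provides a list of system administration assets for the PKI product.`) shows the preceding table is still referred to as Table 5.1, and the captions of the renumbered tables are not visible in this diff. Either that reference and each table caption should follow the same clause-based scheme, or the clause will end up mixing `Table 5.x` and `Table 4.7.x-1` numbering.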
@@ -481,7 +482,7 @@ If the PKI product does not provide support for subscriber management as part of

##### 4.7.1.1.3 Certificate generation service

Table 5.3 provides a list of assets for a PKI product that supports certificate generation services.
Table 4.7.1.1.3-1 provides a list of assets for a PKI product that supports certificate generation services.

<div align="center">

@@ -510,7 +511,7 @@ If the PKI product does not support registration services, then certificate requ

##### 4.7.1.1.4 Dissemination service

Table 5.4 provides a list of assets for a PKI product that supports dissemination services.
Table 4.7.1.1.4-1 provides a list of assets for a PKI product that supports dissemination services.

<div align="center">

@@ -1335,11 +1336,13 @@ information shall be recorded, after a proper verification.
# 6 Conformity Assessment
*Editor's note: This section's structur is stable. The content is not stable.*

## 6.1 Auditing
## 6.1 Vulnerability handeling

The developer shall conform to the requirements defined in [\[2\]](#_ref.2).

## 6.2 Auditing

REFERENCE: ASS-REQ-6.1-01
REFERENCE: ASS-REQ-6.2-01

  - OBJECTIVE: Verify that the PKI records within each audit record the required information, and that these records do not include any secret key or other secret parameter in plaintext form.

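Review bot: the new heading `## 6.1 Vulnerability handeling` misspells "handling" (worth catching in a commit titled as fixing typos), and the neighbouring context line `This section's structur is stable` has the same kind of slip. The new link `[\[2\]](#_ref.2)` uses a dot in the fragment while the anchor defined in clause 2.1 is `_ref_2` (underscore), so the link will not resolve; suggest `[\[2\]](#_ref_2)`. The new clause 6.1 is also a one-line delegation to a draft whose number is still a placeholder, which should be recorded in the editor's note so it is not mistaken for stable content.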
@@ -1369,7 +1372,7 @@ For each of the generated audit record, verify that no private or symmetric key,

 

- REFERENCE: ASS-REQ-6.1-02
- REFERENCE: ASS-REQ-6.2-02

  - OBJECTIVE: Verify that the PKI employs reliable time stamps.

@@ -1395,7 +1398,7 @@ c) arguments relating to the monotonicity of local time information (if applicab

 

- REFERENCE: ASS-REQ-6.1-03
- REFERENCE: ASS-REQ-6.2-03

  - OBJECTIVE: Verify that the PKI records within each audit record resulting from actions of identified users the corresponding user information.

@@ -1415,7 +1418,7 @@ a) the way the event was triggered and at what time, and the corresponding audit

 

- REFERENCE: ASS-REQ-6.1-04
- REFERENCE: ASS-REQ-6.2-04

  - OBJECTIVE: Verify PKI protections from unauthorised deletion to be active and functional.

@@ -1441,7 +1444,7 @@ d) the copies of existing audit records, before and after attempts.

 

- REFERENCE: ASS-REQ-6.1-05
- REFERENCE: ASS-REQ-6.2-05

  - OBJECTIVE: Verify the PKI's ability to detect unauthorised modifications to the stored audit records during the audit.

@@ -1465,7 +1468,7 @@ c) the way the last audit was attempted, and the corresponding response from the

 

- REFERENCE: ASS-REQ-6.1-06
- REFERENCE: ASS-REQ-6.2-06

  - OBJECTIVE: Verify the PKI's prevention of auditable events, except those taken by the auditor, if the audit log is full.

@@ -1487,7 +1490,7 @@ c) the way the additional event was attempted to be triggered, and the correspon

 

- REFERENCE: ASS-REQ-6.1-07
- REFERENCE: ASS-REQ-6.2-07

  - OBJECTIVE: Verify the use of an audit log signing event by the PKI.

@@ -1547,7 +1550,7 @@ d) the way the second-to-last signature, keyed hash or authentication code was m

 

- REFERENCE: ASS-REQ-6.1-08
- REFERENCE: ASS-REQ-6.2-08

  - OBJECTIVE: Verify the frequency of the audit log signing event by the PKI to be configurable.

@@ -1569,11 +1572,11 @@ b) the 2 last audit log signing events as they appear in the audit log, and thei

 

#### 6.2 Secret management
#### 6.3 Secret management

 

- REFERENCE: ASS-REQ-6.2-02
- REFERENCE: ASS-REQ-6.3-02

  - OBJECTIVE: Verify the PKI does not persistently store private or symmetric keys in plaintext form.

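Review bot: `#### 6.3 Secret management` is a level-4 heading while its siblings `## 6.1 Vulnerability handeling` and `## 6.2 Auditing` earlier in this diff are level 2; since 6.3 is numbered as a direct subclause of clause 6, suggest `## 6.3 Secret management` (and the same for the 6.4 and 6.5 headings below). Also, the first requirement in this clause is `ASS-REQ-6.3-02`; no `ASS-REQ-6.3-01` appears in the diff, so either a requirement was dropped or the sequence should start at -01.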
@@ -1589,7 +1592,7 @@ a) The documentation of private and symmetric keys profiles and how these keys a

 

- REFERENCE: ASS-REQ-6.2-03
- REFERENCE: ASS-REQ-6.3-03

  - OBJECTIVE: Verify public keys stored within the PKI outside a secure cryptographic device are protected against undetected modification, and that public keys are released or used after a detected modification.

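Review bot: the renumbering to `ASS-REQ-6.3-03` is fine, but the objective on the context line reads `... and that public keys are released or used after a detected modification`, which states the opposite of what a protection against undetected modification should verify; it looks like a `not` is missing (`are not released or used after a detected modification`). Worth fixing while this block is being touched.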
@@ -1637,7 +1640,7 @@ c) the way operations making use of public keys were attempted to be triggered,

 

- REFERENCE: ASS-REQ-6.2-04
- REFERENCE: ASS-REQ-6.3-04

  - OBJECTIVE: Verify the public key zeroizes secrets in plaintext form.

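Review bot: the objective `Verify the public key zeroizes secrets in plaintext form` on the context line reads as a slip for `Verify the PKI zeroizes secrets in plaintext form` (a public key does not zeroize anything); every other objective in this clause is phrased as `Verify the PKI ...`, so suggest aligning it.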
@@ -1659,7 +1662,7 @@ b) the documentation of zeroization methods employed.

 

- REFERENCE: ASS-REQ-6.2-05
- REFERENCE: ASS-REQ-6.3-05

  - OBJECTIVE: Verify the PKI cannot export private or symmetric keys in plaintext form.

@@ -1673,11 +1676,11 @@ b) the documentation of zeroization methods employed.

 

#### 6.3 Certificate issuance
#### 6.4 Certificate issuance

 

- REFERENCE: ASS-REQ-6.3-01
- REFERENCE: ASS-REQ-6.4-01

  - OBJECTIVE: Verify the certificates issued by the certificate generation service are public-key certificates or attribute certificates whose format complies with the X.509 standard [ITU-T X.509].

@@ -1691,7 +1694,7 @@ b) the documentation of zeroization methods employed.

 

- REFERENCE: ASS-REQ-6.3-02
- REFERENCE: ASS-REQ-6.4-02

  - OBJECTIVE: Verify the format of public-key certificates issued by the certificate generation service complies with the X.509 standard [ITU-T X.509].

@@ -1717,7 +1720,7 @@ b) the way issuances were requested, and the responses and issued certificates f

 

- REFERENCE: ASS-REQ-6.3-03
- REFERENCE: ASS-REQ-6.4-03

  - OBJECTIVE: Verify the PKI implements and follows a certificate profile for issued certificates.

@@ -1745,7 +1748,7 @@ c) the way issuances were requested, and the responses and issued certificates f

 

- REFERENCE: ASS-REQ-6.3-04
- REFERENCE: ASS-REQ-6.4-04

  - OBJECTIVE: Verify that the PKI requires the Administrator to specify the set of acceptable values for the fields and extensions identified in REQ-5.3-04.

@@ -1767,7 +1770,7 @@ b) the way issuances were requested, and the responses from the PKI.

 

- REFERENCE: ASS-REQ-6.3-05
- REFERENCE: ASS-REQ-6.4-05

  - OBJECTIVE: Verify the PKI marks the keyUsage, basicConstraints and certificatePolicies as critical in issued certificates.

@@ -1791,7 +1794,7 @@ b) the way issuances were requested, and the responses and issued certificates f

 

- REFERENCE: ASS-REQ-6.3-06
- REFERENCE: ASS-REQ-6.4-06

  - OBJECTIVE: Verify the PKI disallows the keyUsage extension to offer both digital signature and encryption or key agreement capabilities.

@@ -1821,7 +1824,7 @@ b) the way issuances were requested, and the responses and issued certificates f

 

- REFERENCE: ASS-REQ-6.3-07
- REFERENCE: ASS-REQ-6.4-07

  - OBJECTIVE: Verify the PKI ensures a prospective certificate subject possesses the private key that

@@ -1861,11 +1864,11 @@ c) the random values generated by the PKI.

 

#### 6.4 Certificate status
#### 6.5 Certificate status

 

- REFERENCE: ASS-REQ-6.4-01
- REFERENCE: ASS-REQ-6.5-01

  - OBJECTIVE: Verify the certificate revocation statuses to be either or both of CRLs as defined by and subject to the requirements of [ITU-T X.509],

@@ -1881,7 +1884,7 @@ or OCSP responses as defined by and subject to the requirements of [RFC 6960].

 

- REFERENCE: ASS-REQ-6.4-02
- REFERENCE: ASS-REQ-6.5-02

  - OBJECTIVE: Verify the PKI implements and enforces a CRL profile for issued CRLs.

@@ -1899,7 +1902,7 @@ b) verify the CRL to match the constraints of the CRL profile.

 

- REFERENCE: ASS-REQ-6.4-03
- REFERENCE: ASS-REQ-6.5-03

  - OBJECTIVE: Verify that the PKI requires the Administrator to specify the set of acceptable values for the fields and extensions identified in REQ-5.4-03.

@@ -1913,7 +1916,7 @@ b) verify the CRL to match the constraints of the CRL profile.

 

- REFERENCE: ASS-REQ-6.4-04
- REFERENCE: ASS-REQ-6.5-04

  - OBJECTIVE: Verify the PKI implements and enforces an OCSP response profile for issued OCSP responses.

@@ -1931,7 +1934,7 @@ b) verify the OCSP response to match the constraints of the OCSP response profil

 

- REFERENCE: ASS-REQ-6.4-05
- REFERENCE: ASS-REQ-6.5-05

  - OBJECTIVE: Verify that the PKI requires the Administrator to specify the set of acceptable values for the fields and extensions identified in REQ-5.4-05.

@@ -1959,12 +1962,12 @@ b) verify the OCSP response to match the constraints of the OCSP response profil

| No      | Description                                                                                     | Clause(s) of the present document                     | U/C | Condition                                      |
|---------|-------------------------------------------------------------------------------------------------|-------------------------------------------------------|-----|------------------------------------------------|
| (1)     | Design, development, and production must ensure appropriate cybersecurity based on risks         |                                                       |     |                                                |
| (2)(a)  | No known exploitable vulnerabilities at market release                                          |                                                       |     |                                                |
| (2)(b)  | Secure-by-default configuration                                                                  |                                                       |     |                                                |
| (2)(c)  | Vulnerabilities can be addressed via security updates, default to automatic, with opt-out and postponement |                                                       |     |                                                |
| (2)(d)  | Protection from unauthorised access via authentication and access control                       |                                                       |     |                                                |
| (2)(e)  | Confidentiality of data in storage or transit (e.g., encryption)                                | REQ-5.2-01, REQ-5.2-02                               |     |                                                |
| (1)     | Products with digital elements shall be designed, developed and produced in such a way that they ensure an appropriate level of cybersecurity based on the risks.         | Annex C |||
| (2)(a)  | It shall be made available on the market without known exploitable vulnerabilities. |6.1|||
| (2)(b)  | be made available on the market with a secure by default configuration, unless otherwise agreed between manufacturer and business user in relation to a tailor-made product with digital elements, including the  possibility to reset the product to its original  state;|5|||
| (2)(c)  | Vulnerabilities can be addressed via security updates, default to automatic, with opt-out and postponement | 6.1|||
| (2)(d)  | Protection from unauthorised access via authentication and access control | 5.1, 5.3, 6.2 & 6.3|||
| (2)(e)  | Confidentiality of data in storage or transit (e.g., encryption)                                | 5.2|     |                                                |
| (2)(f)  | Integrity of data, commands, programs, configuration; detect/report manipulation                | REQ-5.2-03, REQ-5.3-01, REQ-5.3-02, REQ-5.3-04, REQ-5.3-05, REQ-5.3-06 |     |                                                |
| (2)(g)  | Data minimisation — only adequate and necessary data shall be processed                          | REQ-5.3-01, REQ-5.3-02, REQ-5.3-03, REQ-5.3-04, REQ-5.4-01, REQ-5.4-02 |     |                                                |
| (2)(h)  | Ensure availability of essential functions including resilience and DoS protection               | REQ-5.1-04, REQ-5.1-05, REQ-5.1-06                   |     |                                                |
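Review bot: the rewritten rows map requirements to clause numbers (`Annex C`, `6.1`, `5`, `5.1, 5.3, 6.2 & 6.3`, `5.2`) while the unchanged rows (2)(f) to (2)(h) still map to individual `REQ-5.x-yy` identifiers, so the "Clause(s) of the present document" column now mixes two granularities; pick one and apply it to the whole table. The (2)(b) description is a verbatim fragment that starts mid-sentence (`be made available on the market ...`) and (2)(a) is a full sentence, unlike the short summaries used for the other rows; suggest one consistent style. The new rows also collapse the U/C and Condition cells to `|||`, which still parses as five columns, but those two columns remain empty for every row, so they are not yet carrying any information.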