Reformat CRA requirements table (2cbe250f) · Commits · STAN4CRA / EN 304 625 Network Interfaces

EN-304-625.md

+18 −18

Original line number	Diff line number	Diff line
		@@ -1707,23 +1707,23 @@ The present document has been prepared under the Commission's standardisation re

		Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in table A.1 confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.

		\| Number and Description of CRA requirement \| Correseponding essential security requirements(s) \|
		\|-------------------------------------------------\|------------------------------------\|
		\| 1. Secure design, development, production; Annex I, Part I, (1) \| SSDD, LMII \|
		\| 2. No known exploitable vulnerabilities; Annex I, Part I, (2)(a) \| NKEV \|
		\| 3. Secure by default configuration; Annex I, Part I, (2)(a) \| SDEF \|
		\| 4. Secure updates; Annex I, Part I, (2)(c) \| SCUD \|
		\| 5. Authentication and access control mechanisms; Annex I, Part I, (2)(d) \| AUTH\* \|
		\| 6. Confidentiality of store and transmitted information; Annex I, Part I, (2)(e) \| CDST, CDTX, CRYP\* \|
		\| 7. Integrity protection for data and configuration; Annex I, Part I, (2)(f) \| IDST, IDTX \|
		\| 8. Data minimization; Annex I, Part I, (2)(g) \| DMIN \|
		\| 9. Availability protection; Annex I, Part I, (2)(h) \| AVAI, LMII \|
		\| 10. Minimize impact on other devices or services; Annex I, Part I, (2)(i) \| MINI, SDEF, AVAI, SSDD, LMII \|
		\| 11. Limit attack surface; Annex I, Part I, (2)(i) \| LMAS, SSDD, LMII \|
		\| 12. Exploit mitigation by limiting incident impact; Annex I, Part I, (2)(k) \| LMII, AVAI, SSDD \|
		\| 13. Logging and monitoring mechanisms; Annex I, Part I, (2)(l) \| LOGG \|
		\| 14. Secure deletion and data transfer; Annex I, Part I, (2)(l) \| SCDL, SDTR \|
		\| 15. Vulnerability handling; Annex I, Part II \| VULH \|
		\| No. \| Description \| Requirements of Regulation \| Corresponding technical requirements(s) \|
		\|-----\|------------------------------------------------------\|----------------------------\|-----------------------------------------\|
		\| 1 \| Secure design, development, production \| Annex I, Part I, (1) \| SSDD, LMII \|
		\| 2 \| No known exploitable vulnerabilities \| Annex I, Part I, (2)(a) \| NKEV \|
		\| 3 \| Secure by default configuration \| Annex I, Part I, (2)(b) \| SDEF \|
		\| 4 \| Secure updates \| Annex I, Part I, (2)(c) \| SCUD \|
		\| 5 \| Authentication and access control mechanisms \| Annex I, Part I, (2)(d) \| AUTH\* \|
		\| 6 \| Confidentiality of store and transmitted information \| Annex I, Part I, (2)(e) \| CDST, CDTX, CRYP\* \|
		\| 7 \| Integrity protection for data and configuration \| Annex I, Part I, (2)(f) \| IDST, IDTX \|
		\| 8 \| Data minimization \| Annex I, Part I, (2)(g) \| DMIN \|
		\| 9 \| Availability protection \| Annex I, Part I, (2)(h) \| AVAI, LMII \|
		\| 10 \| Minimize impact on other devices or services \| Annex I, Part I, (2)(i) \| MINI, SDEF, AVAI, SSDD, LMII \|
		\| 11 \| Limit attack surface \| Annex I, Part I, (2)(j) \| LMAS, SSDD, LMII \|
		\| 12 \| Exploit mitigation by limiting incident impact \| Annex I, Part I, (2)(k) \| LMII, AVAI, SSDD \|
		\| 13 \| Logging and monitoring mechanisms \| Annex I, Part I, (2)(l) \| LOGG \|
		\| 14 \| Secure deletion and data transfer \| Annex I, Part I, (2)(m) \| SCDL, SDTR \|
		\| 15 \| Vulnerability handling \| Annex I, Part II \| VULH \|

		\* _waiting on cross-vertical_

Original line number	Diff line number	Diff line
		@@ -1707,23 +1707,23 @@ The present document has been prepared under the Commission's standardisation re

		Once the present document is cited in the Official Journal of the European Union under that Regulation, compliance with the normative clauses of the present document given in table A.1 confers, within the limits of the scope of the present document, a presumption of conformity with the corresponding requirements of that Regulation and associated EFTA regulations.

		\| Number and Description of CRA requirement \| Correseponding essential security requirements(s) \|
		\|-------------------------------------------------\|------------------------------------\|
		\| 1. Secure design, development, production; Annex I, Part I, (1) \| SSDD, LMII \|
		\| 2. No known exploitable vulnerabilities; Annex I, Part I, (2)(a) \| NKEV \|
		\| 3. Secure by default configuration; Annex I, Part I, (2)(a) \| SDEF \|
		\| 4. Secure updates; Annex I, Part I, (2)(c) \| SCUD \|
		\| 5. Authentication and access control mechanisms; Annex I, Part I, (2)(d) \| AUTH\* \|
		\| 6. Confidentiality of store and transmitted information; Annex I, Part I, (2)(e) \| CDST, CDTX, CRYP\* \|
		\| 7. Integrity protection for data and configuration; Annex I, Part I, (2)(f) \| IDST, IDTX \|
		\| 8. Data minimization; Annex I, Part I, (2)(g) \| DMIN \|
		\| 9. Availability protection; Annex I, Part I, (2)(h) \| AVAI, LMII \|
		\| 10. Minimize impact on other devices or services; Annex I, Part I, (2)(i) \| MINI, SDEF, AVAI, SSDD, LMII \|
		\| 11. Limit attack surface; Annex I, Part I, (2)(i) \| LMAS, SSDD, LMII \|
		\| 12. Exploit mitigation by limiting incident impact; Annex I, Part I, (2)(k) \| LMII, AVAI, SSDD \|
		\| 13. Logging and monitoring mechanisms; Annex I, Part I, (2)(l) \| LOGG \|
		\| 14. Secure deletion and data transfer; Annex I, Part I, (2)(l) \| SCDL, SDTR \|
		\| 15. Vulnerability handling; Annex I, Part II \| VULH \|
		\| No. \| Description \| Requirements of Regulation \| Corresponding technical requirements(s) \|
		\|-----\|------------------------------------------------------\|----------------------------\|-----------------------------------------\|
		\| 1 \| Secure design, development, production \| Annex I, Part I, (1) \| SSDD, LMII \|
		\| 2 \| No known exploitable vulnerabilities \| Annex I, Part I, (2)(a) \| NKEV \|
		\| 3 \| Secure by default configuration \| Annex I, Part I, (2)(b) \| SDEF \|
		\| 4 \| Secure updates \| Annex I, Part I, (2)(c) \| SCUD \|
		\| 5 \| Authentication and access control mechanisms \| Annex I, Part I, (2)(d) \| AUTH\* \|
		\| 6 \| Confidentiality of store and transmitted information \| Annex I, Part I, (2)(e) \| CDST, CDTX, CRYP\* \|
		\| 7 \| Integrity protection for data and configuration \| Annex I, Part I, (2)(f) \| IDST, IDTX \|
		\| 8 \| Data minimization \| Annex I, Part I, (2)(g) \| DMIN \|
		\| 9 \| Availability protection \| Annex I, Part I, (2)(h) \| AVAI, LMII \|
		\| 10 \| Minimize impact on other devices or services \| Annex I, Part I, (2)(i) \| MINI, SDEF, AVAI, SSDD, LMII \|
		\| 11 \| Limit attack surface \| Annex I, Part I, (2)(j) \| LMAS, SSDD, LMII \|
		\| 12 \| Exploit mitigation by limiting incident impact \| Annex I, Part I, (2)(k) \| LMII, AVAI, SSDD \|
		\| 13 \| Logging and monitoring mechanisms \| Annex I, Part I, (2)(l) \| LOGG \|
		\| 14 \| Secure deletion and data transfer \| Annex I, Part I, (2)(m) \| SCDL, SDTR \|
		\| 15 \| Vulnerability handling \| Annex I, Part II \| VULH \|

		\* _waiting on cross-vertical_