Commit e7f47170 authored by August Bournique, committed by Santeri Toikka

Edit EN-304-625.md

Restructuring of 1.2 - covers issues #25, #26, #27, #28 / HAS comments 10, 11, 12, 13

Changes are primarily organizational. Also adopts definition of "Modem Interface" from 1.2 as the formal definition and cites to routers standard as source for covering "Standalone Modems".
parent 042791c3
+17 −19
@@ -68,25 +68,13 @@ The present document specifies security requirements and related assessment crit

Products in scope include products whose purpose is to serve as a virtual or physical network interface intended to enable the connection of a computing device to a network. A network interface provides connectivity via a device driver API operating at the data link layer.

Physical network interfaces are products with digital elements that directly connect a device to a network via an application programming interface (API) provided by device drivers, typically operating at the data link layer, and that feature hardware adapters to transmission media with corresponding firmware, typically operating at the physical and data link layer.
Physical network interfaces are products that directly connect a device to a network via an application programming interface (API) provided by device drivers. This connection may be wired or wireless and feature hardware adapters to transmission media with corresponding firmware, typically physical network interfaces operate at the physical and data link layer.
Products that are connected to a host system by a communications bus, such as PCIe or USB are physical network interfaces, though they may use a wide variety of technologies to enable this connection including both direct physical connections and wireless connections.
The category of physical network interfaces is broad and composed of wired and wireless network interface cards, controllers and adapters, and network interface hardware modules, such as for Wi-Fi™, Ethernet, cellular modems, IrDA, USB, Bluetooth®, NearLink, Zigbee®, Fieldbus, or Infiniband.

Virtual network interfaces are products with digital elements that directly or indirectly connect a device to a network via an API that emulates that of device drivers or physical network interfaces, typically operating at the data link layer.

Physical network interfaces are connected to a host system by a communications bus, such as PCIe or USB. Virtual network interfaces are software running on the host system, and communicate via the device driver interface.

This category is composed of wired and wireless network interface cards, controllers and adapters, and network interface hardware modules, such as for Wi-Fi™, Ethernet, cellular modems, IrDA, USB, Bluetooth®, NearLink, Zigbee®, Fieldbus, or Infiniband.

The term \"modem\" is used for two different kinds of products:

1. \"Modem interface\": a single network interface that connects a physical transmission adapter to a system bus, as for example a 5G modem interface or Power Line Communication device

1. \"Standalone modem\": A device with two or more network interfaces that routes network data between two different networks, relaying data from one type of physical transmission media to another, such as a cable modem

\"Modem interfaces\" are included in the present document. \"Standalone modems\" are excluded from the present document.

This category includes purely virtual standalone products, such as virtual network interfaces, container network interfaces, VPN interfaces, and loopback interfaces.

This category includes products whose core function is a network interface and provides the feature of remote management interface for the network interface or the host system.
Virtual network interfaces are products that directly or indirectly connect a device to a network via an API that emulates that of device drivers or physical network interfaces, typically operating at the data link layer. These virtual network interfaces consist of software running on a host system, and communicate via the device driver interface of that host.
As purely virtual, standalone products, a virtual network interface remains a product whose core function is that of a network interface and that provides a remote management interface for the network interface or the host system.
Examples of virtual network interfaces also include: container network interfaces, VPN interfaces, and loopback interfaces.

For the purposes of the present document, network interfaces will be split up into the following groups, due to their distinct threat models:
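
Review bot: The added sentence "As purely virtual, standalone products, a virtual network interface remains a product whose core function is that of a network interface and that provides a remote management interface ..." changes scope rather than layout. The removed text ("This category includes products whose core function is a network interface and provides the feature of remote management interface ...") was a separate inclusion statement and was not limited to virtual interfaces; the new wording reads as if every virtual network interface provides remote management and no longer mentions physical products with that feature. Suggest keeping it as its own inclusion sentence that applies to all groups. Smaller points in the same hunk: both rewritten definitions drop "with digital elements"; "... corresponding firmware, typically physical network interfaces operate at ..." is a comma splice and should be two sentences; "Examples of virtual network interfaces also include:" has no earlier examples for "also" to refer to; and the added lines in each group have no blank line between them, so Markdown will render each group as a single paragraph.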

@@ -94,6 +82,14 @@ For the purposes of the present document, network interfaces will be split up in
* Wireless network interfaces
* Virtual network interfaces

Network interfaces are closely related to what is commonly called a \"modem\", but this general term is used for two different kinds of products:

1. \"Modem interface\": A single network interface that connects a physical transmission adapter to a system bus, as for example a 5G modem interface or Power Line Communication device

2. \"Standalone modem\": A device with two or more network interfaces that routes network data between two different networks, relaying data from one type of physical transmission media to another, such as a cable modem

\"Modem interfaces\" are included in the present document. \"Standalone modems\" are excluded from the present document, but may be found in the vertical CRA stadnard for Routers Modems & Switches [i.7]

## 1.3 Products not in scope

Products not in scope include:
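
Review bot: In the added sentence ending "... but may be found in the vertical CRA stadnard for Routers Modems & Switches [i.7]", "stadnard" is misspelled, the sentence has no closing full stop, and the name given for the standard does not match the title listed for [i.7] ("Essential cybersecurity requirements for routers, modems intended for the connection to the internet, and switches"). Suggest "... are excluded from the present document and are covered by ETSI EN 304 627 [i.7]." The list item for "Modem interface" also repeats, word for word, the definition this commit makes formal in clause 3; pointing to the clause 3 term here instead of restating it would keep the two from drifting apart.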
@@ -133,6 +129,8 @@ The following referenced documents may be useful in implementing an ETSI deliver

<span id="_ref_i.6"></span><a name="_ref_i.6">[i.6]</a> prEN 40000-1-1: &quot;Cybersecurity requirements for products with digital elements – Vocabulary&quot;, (produced by CEN).</a>

<span id="_ref_i.7"></span><a name="_ref_i.7">[i.7]</a> ETSI EN 304 627 \"Essential cybersecurity requirements for routers, modems
intended for the connection to the internet, and switches\".

# 3 Definition of terms, symbols and abbreviations
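
Review bot: The new [i.7] entry does not follow the format of the neighbouring [i.6] entry: it has no colon after the document number, uses `\"` instead of `&quot;`, has no closing full stop, and the title is broken across two lines after "modems". Suggest putting the entry on one line in the same form as [i.6], i.e. document number, colon, quoted title, full stop. It is also worth confirming that the title text matches the current title of EN 304 627, since the clause 1.2 sentence that cites it uses a different name.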

@@ -148,7 +146,7 @@ NOTE: This clause provides terms and definitions based on CEN/CLC JTC13 WG09's [

**host:** any equipment to which the network interface part provides additional functionality, mainly network connectivity, and to which connection is necessary for the network interface to operate

**modem interface:** single physical network interface that converts a digital transmission from the host into an analogue transmission for the physical transmission adapter
**modem interface:**  A single network interface that connects a physical transmission adapter to a system bus

**Network Interface (NI):** virtual or physical network interface
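
Review bot: The replacement definition "A single network interface that connects a physical transmission adapter to a system bus" no longer distinguishes a modem interface from any other physical network interface. Clause 1.2 already describes physical network interfaces as connected to the host by a communications bus and featuring hardware adapters to transmission media, so an Ethernet adapter would satisfy this definition as written. The removed definition carried the distinguishing property (conversion between a digital transmission from the host and an analogue transmission) and the word "physical"; suggest keeping one of these in the new wording. Style: the neighbouring definitions start in lower case with no article and a single space after the term ("**host:** any equipment ..."), so this line should read "**modem interface:** single network interface that ...".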