Update CRA mapping table (55d79bd9) · Commits · STAN4CRA / EN 304 626 Operating Systems

EN-304-626.md

+6 −9

Original line number	Diff line number	Diff line
		@@ -1620,7 +1620,7 @@ The product shall detect corruption of the data stored on the product.

		> TODO: Rate use cases by sensitivity of data transmitted and update the security profile list above.

		#### 5.2.X TR-IDST: Integrity of data transmitted by the product
		#### 5.2.X TR-IDTX: Integrity of data transmitted by the product

		The product shall detect corruption of the data transmitted by the product.

		@@ -1630,7 +1630,7 @@ Guidance: Integrity may be protected by the environment, permissions, duplicatio

		The product shall detect corruption of the data transmitted by the product.

		* Reference: TR-IDST
		* Reference: TR-IDTX

		* Objective: Integrity of data

		@@ -1797,7 +1797,6 @@ The product shall provide a method by which an authorized user can securely tran

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles


		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| DATA < 1 & CONF < 2 \| None \|
		@@ -2172,24 +2171,22 @@ Description: Firewall for enterprise network

		# Annex A (informative): Mapping between the present document and CRA requirements

		FIXME should be Annex ZA

		> Table mapping technical security requirements from clause 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.

		\| CRA requirement \| Technical security requirements(s) \|
		\|-------------------------------------------------\|------------------------------------\|
		\| No known exploitable vulnerabilities \| \|
		\| Secure design, development, production \| TEST? \|
		\| Secure design, development, production \| \|
		\| Secure by default configuration \| SDEF \|
		\| Secure updates \| SCUD \|
		\| Authentication and access control mechanisms \| \|
		\| Confidentiality protection \| MISO, MSAF, CONF \|
		\| Integrity protection for data and configuration \| MISO \|
		\| Confidentiality protection \| MISO, MSAF, CDST, CDTX \|
		\| Integrity protection for data and configuration \| MISO, IDST, IDTX \|
		\| Data minimization \| DMIN \|
		\| Availability protection \| \|
		\| Minimize impact on other devices or services \| \|
		\| Limit attack surface \| MISO, MSAF, LMAS \|
		\| Exploit mitigation by limiting incident impact \| MISO, MSAF \|
		\| Exploit mitigation by limiting incident impact \| MISO, MIME MSAF \|
		\| Logging and monitoring mechanisms \| LSRE, LLTP, RLTP \|
		\| Secure deletion and data transfer \| SCDL, SDTR \|

Original line number	Diff line number	Diff line
		@@ -1620,7 +1620,7 @@ The product shall detect corruption of the data stored on the product.

		> TODO: Rate use cases by sensitivity of data transmitted and update the security profile list above.

		#### 5.2.X TR-IDST: Integrity of data transmitted by the product
		#### 5.2.X TR-IDTX: Integrity of data transmitted by the product

		The product shall detect corruption of the data transmitted by the product.

		@@ -1630,7 +1630,7 @@ Guidance: Integrity may be protected by the environment, permissions, duplicatio

		The product shall detect corruption of the data transmitted by the product.

		* Reference: TR-IDST
		* Reference: TR-IDTX

		* Objective: Integrity of data

		@@ -1797,7 +1797,6 @@ The product shall provide a method by which an authorized user can securely tran

		#### 5.2.X.x Mapping of mitigations to risk factors and security profiles


		\| Risk factors \| Requires mitigations \|
		\|---------------------\|----------------------\|
		\| DATA < 1 & CONF < 2 \| None \|
		@@ -2172,24 +2171,22 @@ Description: Firewall for enterprise network

		# Annex A (informative): Mapping between the present document and CRA requirements

		FIXME should be Annex ZA

		> Table mapping technical security requirements from clause 5 of the present document to essential cybersecurity requirements in Annex I of the CRA. The purpose of this is to help identify missing technical security requirements.

		\| CRA requirement \| Technical security requirements(s) \|
		\|-------------------------------------------------\|------------------------------------\|
		\| No known exploitable vulnerabilities \| \|
		\| Secure design, development, production \| TEST? \|
		\| Secure design, development, production \| \|
		\| Secure by default configuration \| SDEF \|
		\| Secure updates \| SCUD \|
		\| Authentication and access control mechanisms \| \|
		\| Confidentiality protection \| MISO, MSAF, CONF \|
		\| Integrity protection for data and configuration \| MISO \|
		\| Confidentiality protection \| MISO, MSAF, CDST, CDTX \|
		\| Integrity protection for data and configuration \| MISO, IDST, IDTX \|
		\| Data minimization \| DMIN \|
		\| Availability protection \| \|
		\| Minimize impact on other devices or services \| \|
		\| Limit attack surface \| MISO, MSAF, LMAS \|
		\| Exploit mitigation by limiting incident impact \| MISO, MSAF \|
		\| Exploit mitigation by limiting incident impact \| MISO, MIME MSAF \|
		\| Logging and monitoring mechanisms \| LSRE, LLTP, RLTP \|
		\| Secure deletion and data transfer \| SCDL, SDTR \|