search

nmfta-repo / nmfta-telematics_security_requirements

Cybersecurity requirements for telematics systems developed in collaboration with motor freight carriers, telematics service providers and cybersecurity experts.
Other
4 stars 3 forks source link

update xref to match new version of ETSI document (TS 103 645 V1.1.1) #25

Closed jdaoust closed 3 years ago

jdaoust commented 3 years ago

Changed the only external reference (for requirement AC-080) to the ETSI TS 103 645 V1.1.1 document to the new version (ETSI EN 303 645 V2.1.0). This required changing the reference document title, changing the provision number and changing the provision text.

The changes in the provision text were not only syntaxic, but also semantic. However, it still seems to apply/support requirement AC-080 correctly.

This version of the matrix builds up on the one containing the changes suggested in Pull Request #24

The README file was also changed accordingly, to include the updated reference.

Here is a text-diff of the changes to the XLS:


diff --git a/PRE-UPDATE_TCRM.csv b/POST-UPDATE_TCRM.csv
index 5987868..464fcfb 100755
--- a/PRE-UPDATE_TCRM.csv
+++ b/POST-UPDATE_TCRM.csv
@@ -101,7 +101,7 @@ CTIA ICCTP 5.2 Password Management Test",Inspection of vendor-supplied documenta
 "Mobile App;
 Physical In-Cab Device;
 Connectivity/Communications;
-",AC-080,Device-Local Authentication,All authentication offered on device-local interfaces shall expect credentials which are unique to each device instance and uncorrelated to any and all public information about the device.,"ETSI TS 103 645 V1.1.1 Provision 4.1-1 All IoT device passwords shall be unique and shall not be resettable to any universal factory default value.
+",AC-080,Device-Local Authentication,All authentication offered on device-local interfaces shall expect credentials which are unique to each device instance and uncorrelated to any and all public information about the device.,"ETSI EN 303 645 V2.1.0 Provision 5.1-1 Where passwords are used and in any state other than the factory default, all consumer IoT device passwords shall be unique per device or defined by the user.

 FMCSA GDL 32 Make sure local wireless interfaces like Bluetooth or Wi-Fi don't provide admin access without authentication.
BenGardiner commented 3 years ago

at the 20210614 meeting these changes were reviewed and approved. thank you, @jdaoust 👍