How to identify and classify assets (network, security, privacy) in a DUT for EN 18031? #19
-
|
Hi, I am working on EN 18031 testing and I need guidance on how to properly identify assets in a Device Under Test (DUT), such as network assets, security assets, and privacy assets. Specifically, I want to understand: How to determine all assets exposed by the DUT (network interfaces, services, ports, protocols, data types, etc.). How to map each physical and logical interface to the corresponding asset (e.g., LAN ports, WLAN SSIDs, web portal, APIs, mobile app interfaces). How to decide whether an asset should be tested under ACM-1, ACM-2, etc. Whether there is a recommended methodology or checklist to classify assets into network / security / privacy asset categories (based on EN 18031-1 & the Zealience “Privacy Assets” guide). If possible, please share examples or references on: Asset classification Interface mapping Deciding which assets are in scope for testing Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hi @MithunKrishna2008 , Thanks for your questions! I would recommend reading our article EN 18031 & RED Cybersecurity Compliance Guide for IoT Manufacturers. In particular, you can find answers to your questions in the section "Deep Dive into EN 18031".
I hope this clarifies your questions! Guillaume |
Beta Was this translation helpful? Give feedback.
Hi @MithunKrishna2008 ,
Thanks for your questions!
I would recommend reading our article EN 18031 & RED Cybersecurity Compliance Guide for IoT Manufacturers. In particular, you can find answers to your questions in the section "Deep Dive into EN 18031".
How to determine all assets exposed by the DUT (network interfaces, services, ports, protocols, data types, etc.).
--> Assets are defined in EN 18031. Therefore, it is best to keep in mind their definitions to identify them. Refer to the section The “Asset-Based” Approach of EN 18031 for explanation on assets.
How to map each physical and logical interface to the corresponding asset (e.g., LAN ports, WLAN SSIDs, web portal, APIs, mobil…