scope:

The present document specifies a conformance assessment methodology for Home Gateway devices of their security risk mitigation and privacy protection measures against the ETSI TS 103 848 [1], addressing the mandatory provisions as well as conditions and complements of the standard by defining test cases and assessment criteria for each provision. The methodology is fully adapted from ETSI TS 103 701 [2] and the present document additionally covers the modifications and additions on provisions made in the ETSI TS 103 848 [1].

The present document intends to support suppliers or implementers of Home Gateway products in first-party assessment (self-assessment), user organizations in second party assessment, independent testing organizations in third party assessment and certification and conformance declaration scheme owners in operating harmonized schemes. Defining a certification or conformance declaration scheme is out of scope of the present document.

Multi-medium or highly targeted/sophisticated attacks and thus the invasive analysis of hard- and software modules is out of scope of the present document. The Test Scenarios (TSOs) are targeting basic effort regarding test depth and test circumference in accordance with the ETSI TS 103 848 [1] which addresses a baseline security level.

Due to the heterogeneity of Home Gateway devices, the ETSI TS 103 848 [1] and therefore the associated test groups in the present document are formulated in a generic manner. Thus, the present document does not describe specific tools or detailed step-by-step instructions. The test cases are intended to be performed by competent bodies that have the expertise to derive a suitable test plan.