Over deze norm
||Telecommunications and information exchange between systems
NEN-ISO/IEC/IEEE 8802-1AE is to specify provision of connectionless user data confidentiality, frame dataintegrity, and data origin authenticity by media access independent protocols and entities that operatetransparently to MAC Clients. To this end, ita) Specifies the requirements to be satisfied by equipment claiming conformance to this standard.b) Specifies the requirements for MACsec in terms of provision of the MAC Service and thepreservation of the semantics and parameters of service requests and indications.c) Describes the threats, both intentional and accidental, to correct provision of the service.d) Specifies security services that prevent, or restrict, the effect of attacks that exploit these threats.e) Examines the potential impact of both the threats and the use of MACsec on the Quality of Service(QoS), specifying constraints on the design and operation of MAC Security entities and protocols.f) Models support of the secure MAC Service in terms of the operation of media access control methodindependent MAC Security Entities (SecYs) within the MAC Sublayer.g) Specifies the format of the MACsec Protocol Data Unit (MPDUs) used to provide secure service.h) Identifies the functions to be performed by each SecY, and provides an architectural model of itsinternal operation in terms of Processes and Entities that provide those functions.i) Specifies each SecYâ€™s use of an associated and collocated Port Access Entity (PAE,IEEE Std 802.1X) to discover and authenticate MACsec protocol peers and its use of that PAEâ€™sKey Agreement Entity (KaY) to agree and update cryptographic keys.j) Specifies performance requirements and recommends default values and applicable ranges for theoperational parameters of a SecY.k) Specifies how SecYs are incorporated within the architecture of end stations, bridges, and two-portEthernet Data Encryption devices (EDEs).l) Establishes the requirements for management of MAC Security, identifying the managed objectsand defining the management operations for SecYs.m) Specifies the Management Information Base (MIB) module for managing the operation of MACSecurity in TCP/IP networks. n) Specifies requirements, criteria, and choices of Cipher Suites for use with this standard.