summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBozawglanian, Hagop (hb755d) <hb755d@att.com>2018-09-12 17:25:55 +0000
committerBozawglanian, Hagop (hb755d) <hb755d@att.com>2018-09-12 17:25:55 +0000
commit50f5d2aaf582d3abd1db447646456cce2d1274b5 (patch)
treeacc7b05468c0bff0f2ee48784e72eda5f606f3c9
parent7165a22db11b41ac589cf2100478f76f92aa19b7 (diff)
VNFRQTS - Rewording Security Req Batch 6
Including the changes for VNFRQTS - 295, 317, 340, 380, 386 Issue-ID: VNFRQTS-295 Change-Id: I1a3cc6534ca274308137b5ffd60338f005a7b976 Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
-rw-r--r--docs/Chapter4/Security.rst36
-rw-r--r--docs/data/needs.json26
2 files changed, 36 insertions, 26 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 8fee063..f35d4c7 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -89,9 +89,11 @@ the product’s lifecycle.
:id: R-61354
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** implement access control list for OA&M
- services (e.g., restricting access to certain ports or applications).
+ The VNF **MUST** provide a mechanism (e.g., access control list) to
+ permit and/or restrict access to services on the VNF by source,
+ destination, protocol, and/or port.
.. req::
:id: R-92207
@@ -172,10 +174,12 @@ the product’s lifecycle.
:id: R-69649
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** have all vulnerabilities patched as soon
- as possible. Patching shall be controlled via change control process
- with vulnerabilities disclosed along with mitigation recommendations.
+ The VNF Provider **MUST** have patches available for vulnerabilities
+ in the VNF as soon as possible. Patching shall be controlled via change
+ control process with vulnerabilities disclosed along with
+ mitigation recommendations.
.. req::
:id: R-78010
@@ -326,10 +330,12 @@ Identity and Access Management Requirements
:id: R-42874
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** comply with Least Privilege (no more
- privilege than required to perform job functions) when persons
- or non-person entities access VNFs.
+ The VNF **MUST** allow the Operator to restrict access based on
+ the assigned permissions associated with an ID in order to support
+ Least Privilege (no more privilege than required to perform job
+ functions).
.. req::
:id: R-71787
@@ -617,10 +623,10 @@ Security Analytics Requirements
:id: R-58370
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** coexist and operate normally with commercial
- anti-virus software which shall produce alarms every time when there is a
- security incident.
+ The VNF **MUST** operate with anti-virus software which produces
+ alarms every time a virus is detected.
.. req::
:id: R-56920
@@ -960,9 +966,13 @@ Data Protection Requirements
:id: R-12467
:target: VNF
:keyword: MUST NOT
+ :updated: casablanca
- The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and
- Skipjack algorithms or other compromised encryption.
+ The VNF **MUST NOT** use compromised encryption algorithms.
+ For example, SHA, DSS, MD5, SHA-1 and Skipjack algorithms.
+ Acceptable algorithms can be found in the NIST FIPS publications
+ (https://csrc.nist.gov/publications/fips) and in the
+ NIST Special Publications (https://csrc.nist.gov/publications/sp).
.. req::
:id: R-02170
diff --git a/docs/data/needs.json b/docs/data/needs.json
index 54b7d00..6ca56f3 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-09-12T16:27:21.368274",
+ "created": "2018-09-12T17:22:55.929421",
"current_version": "casablanca",
"project": "",
"versions": {
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-09-12T16:27:21.368212",
+ "created": "2018-09-12T17:22:55.929309",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's parameter defined\nin a nested YAML file\n**MUST NOT** have a parameter constraint defined.",
@@ -24123,7 +24123,7 @@
"validation_mode": ""
},
"R-12467": {
- "description": "The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and\nSkipjack algorithms or other compromised encryption.",
+ "description": "The VNF **MUST NOT** use compromised encryption algorithms.\nFor example, SHA, DSS, MD5, SHA-1 and Skipjack algorithms.\nAcceptable algorithms can be found in the NIST FIPS publications\n(https://csrc.nist.gov/publications/fips) and in the\nNIST Special Publications (https://csrc.nist.gov/publications/sp).",
"full_title": "",
"hide_links": "",
"id": "R-12467",
@@ -24146,7 +24146,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -30744,7 +30744,7 @@
"validation_mode": ""
},
"R-42874": {
- "description": "The VNF **MUST** comply with Least Privilege (no more\nprivilege than required to perform job functions) when persons\nor non-person entities access VNFs.",
+ "description": "The VNF **MUST** allow the Operator to restrict access based on\nthe assigned permissions associated with an ID in order to support\nLeast Privilege (no more privilege than required to perform job\nfunctions).",
"full_title": "",
"hide_links": "",
"id": "R-42874",
@@ -30767,7 +30767,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -33942,7 +33942,7 @@
"validation_mode": ""
},
"R-58370": {
- "description": "The VNF **MUST** coexist and operate normally with commercial\nanti-virus software which shall produce alarms every time when there is a\nsecurity incident.",
+ "description": "The VNF **MUST** operate with anti-virus software which produces\nalarms every time a virus is detected.",
"full_title": "",
"hide_links": "",
"id": "R-58370",
@@ -33965,7 +33965,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -34394,7 +34394,7 @@
"validation_mode": ""
},
"R-61354": {
- "description": "The VNF **MUST** implement access control list for OA&M\nservices (e.g., restricting access to certain ports or applications).",
+ "description": "The VNF **MUST** provide a mechanism (e.g., access control list) to\npermit and/or restrict access to services on the VNF by source,\ndestination, protocol, and/or port.",
"full_title": "",
"hide_links": "",
"id": "R-61354",
@@ -34417,7 +34417,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -35987,7 +35987,7 @@
"validation_mode": ""
},
"R-69649": {
- "description": "The VNF **MUST** have all vulnerabilities patched as soon\nas possible. Patching shall be controlled via change control process\nwith vulnerabilities disclosed along with mitigation recommendations.",
+ "description": "The VNF Provider **MUST** have patches available for vulnerabilities\nin the VNF as soon as possible. Patching shall be controlled via change\ncontrol process with vulnerabilities disclosed along with\nmitigation recommendations.",
"full_title": "",
"hide_links": "",
"id": "R-69649",
@@ -36010,7 +36010,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -42205,7 +42205,7 @@
"validation_mode": ""
}
},
- "needs_amount": 722
+ "needs_amount": 715
}
}
} \ No newline at end of file