diff options
| author |   Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-07 20:50:31 +0000 |
|---|---|---|
| committer | Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-07 20:50:31 +0000 |
| commit | 5052284bcd1480ed3486acf1ef3750347a573a3d (patch) | |
| tree | a234bfc3830db391fa8496c1a830e8d3d0fdcc37 | |
| parent | 05dab0b4aed15917c7e7429465642e90cc10cb74 (diff) | |
VNFRQTS - Reword and Move Security Req Batch 1
Including changes for VNFRQTS - 333, 334, 374, 378, 407, 409
Issue-ID: VNFRQTS-333
Change-Id: I336ae80a7c92887b06050a6bbe5d1a8d42f68008
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
| -rw-r--r-- | docs/Chapter4/Security.rst | 110 | ||||
| -rw-r--r-- | docs/data/needs.json | 54 |
2 files changed, 84 insertions, 80 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 6503d0c..384f07e 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -226,15 +226,6 @@ the product’s lifecycle. Application levels as appropriate. .. req:: - :id: R-98391 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, support - Role-Based Access Control to permit/limit the user/application to - performing specific activities. - -.. req:: :id: R-62498 :target: VNF :keyword: MUST @@ -265,14 +256,6 @@ the product’s lifecycle. with the NCSP's credential management policy. .. req:: - :id: R-75041 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, expire - passwords at regular configurable intervals. - -.. req:: :id: R-46908 :target: VNF :keyword: MUST @@ -330,6 +313,27 @@ the product’s lifecycle. accesses the resources of another system, and must never conceal individual accountability. +.. req:: + :id: R-80335 + :target: VNF + :keyword: MUST + :updated: casablanca + + For all GUI and command-line interfaces, the VNF **MUST** provide the + ability to present a warning notice that is set by the Operator. A warning + notice is a formal statement of resource intent presented to everyone + who accesses the system. + +.. req:: + :id: R-19082 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** allow the Operator to disable or remove any security + testing tools or programs included in the VNF, e.g., password cracker, + port scanner. + VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -397,14 +401,6 @@ Identity and Access Management Requirements The VNF **MUST NOT** allow vendor access to VNFs remotely. .. req:: - :id: R-34552 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide or support the Identity and Access - Management (IDAM) based threat detection data for OWASP Top 10. - -.. req:: :id: R-59391 :target: VNF :keyword: MUST @@ -417,17 +413,6 @@ Identity and Access Management Requirements uniquely identifies the individual performing the function. .. req:: - :id: R-80335 - :target: VNF - :keyword: MUST - - The VNF **MUST** make visible a Warning Notice: A formal - statement of resource intent, i.e., a warning notice, upon initial - access to a VNF provider user who accesses private internal networks - or Company computer resources, e.g., upon initial logon to an internal - web site, system or application which requires authentication. - -.. req:: :id: R-64503 :target: VNF :keyword: MUST @@ -478,15 +463,6 @@ Identity and Access Management Requirements to restrict access to VNF functions and data to authorized entities. .. req:: - :id: R-19082 - :target: VNF - :keyword: MUST NOT - - The VNF **MUST NOT** run security testing tools and - programs, e.g., password cracker, port scanners, hacking tools - in production, without authorization of the VNF system owner. - -.. req:: :id: R-85419 :target: VNF :keyword: SHOULD @@ -502,6 +478,25 @@ Identity and Access Management Requirements The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). +.. req:: + :id: R-75041 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated the Operator's Identity and Access + Management system, support configurable password expiration. + +.. req:: + :id: R-98391 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated with the Operator's Identity and + Access Management system, support Role-Based Access Control to enforce + least privilege. + VNF API Security Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -538,14 +533,6 @@ API Requirements represented by the certificate where PKI-based authentication is used. .. req:: - :id: R-47204 - :target: VNF - :keyword: MUST - - The VNF **MUST** protect the confidentiality and integrity of - data at rest and in transit from unauthorized access and modification. - -.. req:: :id: R-33488 :target: VNF :keyword: MUST @@ -971,6 +958,15 @@ Security Analytics Requirements routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. +.. req:: + :id: R-34552 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** be implemented so that it is not vulnerable to OWASP + Top 10 web application security risks. + VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1160,3 +1156,11 @@ Data Protection Requirements validity of a digital certificate by recognizing the identity represented by the certificate - the "distinguished name". +.. req:: + :id: R-47204 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** be capable of protecting the confidentiality and integrity + of data at rest and in transit from unauthorized access and modification.
\ No newline at end of file diff --git a/docs/data/needs.json b/docs/data/needs.json index 8388790..2d38372 100644 --- a/docs/data/needs.json +++ b/docs/data/needs.json @@ -1,5 +1,5 @@ { - "created": "2018-09-06T17:45:18.112660", + "created": "2018-09-07T19:37:09.602325", "current_version": "casablanca", "project": "", "versions": { @@ -21858,7 +21858,7 @@ "needs_amount": 750 }, "casablanca": { - "created": "2018-09-06T17:45:18.112581", + "created": "2018-09-07T19:37:09.602183", "needs": { "R-00011": { "description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.", @@ -25429,18 +25429,18 @@ "validation_mode": "" }, "R-19082": { - "description": "The VNF **MUST NOT** run security testing tools and\nprograms, e.g., password cracker, port scanners, hacking tools\nin production, without authorization of the VNF system owner.", + "description": "The VNF **MUST** allow the Operator to disable or remove any security\ntesting tools or programs included in the VNF, e.g., password cracker,\nport scanner.", "full_title": "", "hide_links": "", "id": "R-19082", "impacts": "", "introduced": "", - "keyword": "MUST NOT", + "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF Identity and Access Management Requirements", + "section_name": "VNF General Security Requirements", "sections": [ - "VNF Identity and Access Management Requirements", + "VNF General Security Requirements", "VNF Security" ], "status": null, @@ -25452,7 +25452,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -29044,7 +29044,7 @@ "validation_mode": "" }, "R-34552": { - "description": "The VNF **MUST** provide or support the Identity and Access\nManagement (IDAM) based threat detection data for OWASP Top 10.", + "description": "The VNF **MUST** be implemented so that it is not vulnerable to OWASP\nTop 10 web application security risks.", "full_title": "", "hide_links": "", "id": "R-34552", @@ -29053,9 +29053,9 @@ "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF Identity and Access Management Requirements", + "section_name": "VNF Security Analytics Requirements", "sections": [ - "VNF Identity and Access Management Requirements", + "VNF Security Analytics Requirements", "VNF Security" ], "status": null, @@ -29067,7 +29067,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -31943,7 +31943,7 @@ "validation_mode": "" }, "R-47204": { - "description": "The VNF **MUST** protect the confidentiality and integrity of\ndata at rest and in transit from unauthorized access and modification.", + "description": "The VNF **MUST** be capable of protecting the confidentiality and integrity\nof data at rest and in transit from unauthorized access and modification.", "full_title": "", "hide_links": "", "id": "R-47204", @@ -31952,9 +31952,9 @@ "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF API Security Requirements", + "section_name": "VNF Data Protection Requirements", "sections": [ - "VNF API Security Requirements", + "VNF Data Protection Requirements", "VNF Security" ], "status": null, @@ -31966,7 +31966,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -37118,7 +37118,7 @@ "validation_mode": "" }, "R-75041": { - "description": "The VNF **MUST**, if not using the NCSP's IDAM API, expire\npasswords at regular configurable intervals.", + "description": "The VNF **MUST**, if not integrated the Operator's Identity and Access\nManagement system, support configurable password expiration.", "full_title": "", "hide_links": "", "id": "R-75041", @@ -37127,9 +37127,9 @@ "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF General Security Requirements", + "section_name": "VNF Identity and Access Management Requirements", "sections": [ - "VNF General Security Requirements", + "VNF Identity and Access Management Requirements", "VNF Security" ], "status": null, @@ -37141,7 +37141,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -37947,7 +37947,7 @@ "validation_mode": "" }, "R-80335": { - "description": "The VNF **MUST** make visible a Warning Notice: A formal\nstatement of resource intent, i.e., a warning notice, upon initial\naccess to a VNF provider user who accesses private internal networks\nor Company computer resources, e.g., upon initial logon to an internal\nweb site, system or application which requires authentication.", + "description": "For all GUI and command-line interfaces, the VNF **MUST** provide the\nability to present a warning notice that is set by the Operator. A warning\nnotice is a formal statement of resource intent presented to everyone\nwho accesses the system.", "full_title": "", "hide_links": "", "id": "R-80335", @@ -37956,9 +37956,9 @@ "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF Identity and Access Management Requirements", + "section_name": "VNF General Security Requirements", "sections": [ - "VNF Identity and Access Management Requirements", + "VNF General Security Requirements", "VNF Security" ], "status": null, @@ -37970,7 +37970,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -41811,7 +41811,7 @@ "validation_mode": "" }, "R-98391": { - "description": "The VNF **MUST**, if not using the NCSP's IDAM API, support\nRole-Based Access Control to permit/limit the user/application to\nperforming specific activities.", + "description": "The VNF **MUST**, if not integrated with the Operator\u2019s Identity and\nAccess Management system, support Role-Based Access Control to enforce\nleast privilege.", "full_title": "", "hide_links": "", "id": "R-98391", @@ -41820,9 +41820,9 @@ "keyword": "MUST", "links": [], "notes": "", - "section_name": "VNF General Security Requirements", + "section_name": "VNF Identity and Access Management Requirements", "sections": [ - "VNF General Security Requirements", + "VNF Identity and Access Management Requirements", "VNF Security" ], "status": null, @@ -41834,7 +41834,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, |