author: Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com> 2018-10-29 17:36:26 +0000
committer: Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com> 2018-10-29 17:36:26 +0000
commit: 454be43060ce9e5d00ec60f990887a76df067297
tree: 1931bc9a3d065201b9236123016cfc946162c0ab
parent: 832f46b46374fdd03f125c42154f9139711b62f7
VNFRQTS - Reword Security Req SECCOM 1
Contains changes for VNFRQTS-304, 312, 339, 341, 354

Issue-ID: VNFRQTS-304
Change-Id: I88be8ebb4a9ea6538baa6f384c3eb29fc52cfc0e
Signed-off-by: Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com>
-rw-r--r-- docs/Chapter4/Security.rst 24
-rw-r--r-- docs/data/needs.json 14
2 files changed, 21 insertions, 17 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 1757be6..114772b 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -101,8 +101,9 @@ the product’s lifecycle.
:keyword: SHOULD
:updated: casablanca
- The VNF **SHOULD** provide a mechanism for performing automated
- system configuration auditing at configurable time intervals.
+ The VNF **SHOULD** provide a mechanism that enables the operators to
+ perform automated system configuration auditing at configurable time
+ intervals.
.. req::
:id: R-23882
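Review bot: In the reworded R-92207 text, "enables the operators to perform" moves the actor to the operator but still leaves open who sets the interval and where audit results go. Consider "at operator-configurable time intervals" and dropping the article ("enables operators to perform"), and say whether the audit output must be exportable, since a requirement for a "mechanism" alone is hard to test.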
@@ -140,8 +141,9 @@ the product’s lifecycle.
:keyword: SHOULD
:updated: casablanca
- The VNF **SHOULD** support Layer 3 VPNs that enable segregation of
- traffic by application (i.e., AVPN, IPSec VPN for Internet routes).
+ The VNF **SHOULD** support network segregation, i.e., separation of OA&M
+ traffic from signaling and payload traffic, using technologies such as
+ VPN and VLAN.
.. req::
:id: R-40813
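Review bot: The new R-19768 wording lists "VPN and VLAN" as interchangeable, but the removed text named Layer 3 and IPSec, which imply encryption, while a VLAN only separates traffic at Layer 2 and gives no confidentiality or integrity. State whether the requirement is isolation only or isolation plus protection of OA&M traffic in transit, so that a VLAN-only design is clearly either acceptable or not. If "separation of OA&M traffic from signaling and payload traffic" is meant as one example of segregation rather than its definition, "e.g." fits better than "i.e.".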
@@ -253,7 +255,8 @@ Identity and Access Management Requirements
:keyword: MUST
:updated: casablanca
- The VNF **MUST** allow the creation of multiple IDs so that
+ The VNF **MUST**, if not integrated with the Operator's Identity and
+ Access Management system, support the creation of multiple IDs so that
individual accountability can be supported.
.. req::
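Review bot: The added condition "if not integrated with the Operator's Identity and Access Management system" in R-99174 removes the individual-accountability obligation from this requirement whenever the VNF is integrated, because nothing in the sentence says what must hold in that case. Suggest keeping accountability unconditional and making only the mechanism conditional, for example requiring that actions be attributable to an individual ID whether IDs are local or come from the operator's IAM. "Operator's" is capitalised here but "operators" is lower case in R-92207 above; pick one.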
@@ -273,9 +276,9 @@ Identity and Access Management Requirements
:keyword: MUST
:updated: casablanca
- Each layer of the VNF **MUST** support access restriction
- independently of all other layers so that Segregation of Duties
- can be implemented.
+ Each architectural layer of the VNF (eg. operating system, network,
+ application) **MUST** support access restriction independently of all
+ other layers so that Segregation of Duties can be implemented.
.. req::
:id: R-59391
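Review bot: In the R-71787 parenthetical, "eg." should be "e.g.," to match the "i.e.," form used in R-19768. The three examples (operating system, network, application) read as a complete list to some readers; if other layers such as the hypervisor or management plane are in scope, say "such as" or list them.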
@@ -283,8 +286,9 @@ Identity and Access Management Requirements
:keyword: MUST NOT
:updated: casablanca
- The VNF **MUST NOT** not allow the assumption of the permissions of
- another account to mask individual accountability.
+ The VNF **MUST NOT** allow the assumption of the permissions of another
+ account to mask individual accountability. For example, use SUDO when a
+ user requires elevated permissions such as root or admin.
.. req::
:id: R-64503
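Review bot: The sentence added to R-59391, "For example, use SUDO when a user requires elevated permissions", follows a MUST NOT and can be read as an example of the prohibited behaviour, since sudo is itself a way of running with another account's permissions. What keeps accountability is that the elevation is tied to and logged against the invoking user's own ID, so say that explicitly and contrast it with shared root or admin logins. Write the command as lower-case sudo, and phrase the example as something the VNF supports rather than an instruction to the user.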
diff --git a/docs/data/needs.json b/docs/data/needs.json
index cb5e24d..1c76f73 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-10-26T21:53:38.098400",
+ "created": "2018-10-29T17:25:21.283162",
"current_version": "casablanca",
"project": "",
"versions": {
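Review bot: The "created" timestamp change at the top of needs.json carries no requirement content, and the five description changes later in this file repeat the Security.rst wording verbatim, including "eg." and "SUDO". If needs.json is produced by the docs build, regenerate it once after the rst wording is final so the two files cannot drift apart.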
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-10-26T21:53:38.098400",
+ "created": "2018-10-29T17:25:21.283084",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's parameter defined\nin a nested YAML file\n**MUST NOT** have a parameter constraint defined.",
@@ -25775,7 +25775,7 @@
"validation_mode": "static"
},
"R-19768": {
- "description": "The VNF **SHOULD** support Layer 3 VPNs that enable segregation of\ntraffic by application (i.e., AVPN, IPSec VPN for Internet routes).",
+ "description": "The VNF **SHOULD** support network segregation, i.e., separation of OA&M\ntraffic from signaling and payload traffic, using technologies such as\nVPN and VLAN.",
"full_title": "",
"hide_links": "",
"id": "R-19768",
@@ -34858,7 +34858,7 @@
"validation_mode": ""
},
"R-59391": {
- "description": "The VNF **MUST NOT** not allow the assumption of the permissions of\nanother account to mask individual accountability.",
+ "description": "The VNF **MUST NOT** allow the assumption of the permissions of another\naccount to mask individual accountability. For example, use SUDO when a\nuser requires elevated permissions such as root or admin.",
"full_title": "",
"hide_links": "",
"id": "R-59391",
@@ -37367,7 +37367,7 @@
"validation_mode": "static"
},
"R-71787": {
- "description": "Each layer of the VNF **MUST** support access restriction\nindependently of all other layers so that Segregation of Duties\ncan be implemented.",
+ "description": "Each architectural layer of the VNF (eg. operating system, network,\napplication) **MUST** support access restriction independently of all\nother layers so that Segregation of Duties can be implemented.",
"full_title": "",
"hide_links": "",
"id": "R-71787",
@@ -41771,7 +41771,7 @@
"validation_mode": "static"
},
"R-92207": {
- "description": "The VNF **SHOULD** provide a mechanism for performing automated\nsystem configuration auditing at configurable time intervals.",
+ "description": "The VNF **SHOULD** provide a mechanism that enables the operators to\nperform automated system configuration auditing at configurable time\nintervals.",
"full_title": "",
"hide_links": "",
"id": "R-92207",
@@ -43247,7 +43247,7 @@
"validation_mode": "static"
},
"R-99174": {
- "description": "The VNF **MUST** allow the creation of multiple IDs so that\nindividual accountability can be supported.",
+ "description": "The VNF **MUST**, if not integrated with the Operator's Identity and\nAccess Management system, support the creation of multiple IDs so that\nindividual accountability can be supported.",
"full_title": "",
"hide_links": "",
"id": "R-99174",