diff options
| author |   Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-08-30 20:05:02 +0000 |
|---|---|---|
| committer | Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-08-30 22:16:53 +0000 |
| commit | d57c071136e492a4e4d2f83df389a96b16ec7bb3 (patch) | |
| tree | 27cdda9cd5bb55173b36581688c1800464becbd2 /docs/Chapter4/Security.rst | |
| parent | 2856dba4b5cb67dd6dde80e52bf1e8645503528b (diff) | |
VNFRQTS - Rewording Security Req Batch 2
Including changes for VNFRQTS-302, 312, 314, 322, 339
Issue-ID: VNFRQTS-302
Change-Id: I21e8efc1c305d3f2a1881bac533e665255a8c83b
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Diffstat (limited to 'docs/Chapter4/Security.rst')
| -rw-r--r-- | docs/Chapter4/Security.rst | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 5c4b6fe..7197e7c 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -80,12 +80,10 @@ the product’s lifecycle. :id: R-23740 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** accommodate the security principle of - "least privilege" during development, implementation and operation. - The importance of "least privilege" cannot be overstated and must be - observed in all aspects of VNF development and not limited to security. - This is applicable to all sections of this document. + The VNF **MUST** implement and enforce the principle of least privilege + on all protected interfaces. .. req:: :id: R-61354 @@ -161,10 +159,10 @@ the product’s lifecycle. :id: R-19768 :target: VNF :keyword: SHOULD + :updated: casablanca - The VNF **SHOULD** support L3 VPNs that enable segregation of - traffic by application (dropping packets not belonging to the VPN) (i.e., - AVPN, IPSec VPN for Internet routes). + The VNF **SHOULD** support Layer 3 VPNs that enable segregation of + traffic by application (i.e., AVPN, IPSec VPN for Internet routes). .. req:: :id: R-33981 @@ -179,9 +177,10 @@ the product’s lifecycle. :id: R-40813 :target: VNF :keyword: SHOULD + :updated: casablanca The VNF **SHOULD** support the use of virtual trusted platform - module, hypervisor security testing and standards scanning tools. + module. .. req:: :id: R-56904 @@ -280,9 +279,10 @@ the product’s lifecycle. :id: R-62498 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST**, if not using the NCSPs IDAM API, encrypt - OA&M access (e.g., SSH, SFTP). + The VNF **MUST** support encrypted access protocols, e.g., TLS, + SSH, SFTP. .. req:: :id: R-79107 @@ -406,10 +406,10 @@ Identity and Access Management Requirements :id: R-99174 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** comply with Individual Accountability - (each person must be assigned a unique ID) when persons or non-person - entities access VNFs. + The VNF **MUST** allow the creation of multiple IDs so that + individual accountability can be supported. .. req:: :id: R-42874 |