diff options
author | Lovett, Trevor <trevor.lovett@att.com> | 2018-11-07 08:17:51 -0600 |
---|---|---|
committer | Lovett, Trevor <trevor.lovett@att.com> | 2018-11-07 08:17:51 -0600 |
commit | cb971745cdc0a5082ea16bb7ea21756721c95c96 (patch) | |
tree | 83dd3211adc82028b136a142307824b9c8dbd19f /docs/Chapter4/Security.rst | |
parent | 7099d63e46b0bc9bb5591a5f28e535b95fba2d86 (diff) |
VNFRQTS Updating security requirements
Change-Id: I71ae46277e1a832b462f37ccdb83159ac5e28033
Issue-ID: VNFRQTS-404
Issue-ID: VNFRQTS-369
Issue-ID: VNFRQTS-323
Issue-ID: VNFRQTS-357
Issue-ID: VNFRQTS-442
Issue-ID: VNFRQTS-485
Signed-off-by: Lovett, Trevor <trevor.lovett@att.com>
Diffstat (limited to 'docs/Chapter4/Security.rst')
-rw-r--r-- | docs/Chapter4/Security.rst | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 0b69e8f..25b767e 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -184,12 +184,17 @@ the product's lifecycle. SSH, SFTP. .. req:: - :id: R-35144 - :target: VNF - :keyword: MUST + :id: R-872986 + :target: VNF + :keyword: MUST + :introduced: casablanca - The VNF **MUST**, if not using the NCSP's IDAM API, comply - with the NCSP's credential management policy. + The VNF **MUST** store Authentication Credentials used to authenticate to + other systems encrypted except where there is a technical need to store + the password unencrypted in which case it must be protected using other + security techniques that include the use of file and directory permissions. + Ideally, credentials SHOULD rely on a HW Root of Trust, such as a + TPM or HSM. .. req:: :id: R-80335 @@ -357,14 +362,6 @@ Identity and Access Management Requirements user requires elevated permissions such as root or admin. .. req:: - :id: R-64503 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide minimum privileges for initial - and default settings for new user accounts. - -.. req:: :id: R-86835 :target: VNF :keyword: MUST @@ -452,6 +449,15 @@ Identity and Access Management Requirements password. .. req:: + :id: R-844011 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF MUST not store authentication credentials to itself in clear + text or any reversible form and must use salting. + +.. req:: :id: R-79107 :target: VNF :keyword: MUST @@ -1014,6 +1020,15 @@ Security Analytics Requirements The VNF **SHOULD** provide the capability of maintaining the integrity of its static files using a cryptographic method. +.. req:: + :id: R-859208 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** log automated remote activities performed with + elevated privileges. + VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |