author Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com> 2018-10-30 17:08:00 +0000
committer Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com> 2018-10-30 17:08:00 +0000
commit 1baff9156464bed7830483deb1f704993e620360
tree 93126c769dc9aa412ae16f79f3ebe2fd67e4a3a2 /docs/Chapter4/Security.rst
parent 01659281be2cb12b99938c8d19dedc7a2c09b2f7
VNFRQTS - New Security Req SECCOM 2
Contains commits for VNFRQTS-368, 370, 371, 372, 377, 403, 405, 406, 440, 448

Issue-ID: VNFRQTS-368
Change-Id: I46d581ebec85977ab5ab9680d673e1941585c5b0
Signed-off-by: Bozawglanian, Hagop (hb755d) <hagop.bozawglanian@att.com>
Diffstat (limited to 'docs/Chapter4/Security.rst')
-rw-r--r-- docs/Chapter4/Security.rst 95
1 files changed, 95 insertions, 0 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 50eb650..0b69e8f 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -295,6 +295,16 @@ the product's lifecycle.
attempts since then made with that user's ID. This requirement is only
applicable when the user account is defined locally in the VNF.
+.. req::
+ :id: R-842258
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** include a configuration, e.g., a heat template or CSAR
+ package, that specifies the targetted parameters, e.g. a limited set of
+ ports, over which the VNF will communicate (including internal, external
+ and management communication).
VNF Identity and Access Management Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
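Review bot: "targetted" in R-842258 is misspelled (should be "targeted"), and the second "e.g." lacks the comma used after the first one in the same sentence. Beyond spelling, "the targetted parameters, e.g. a limited set of ports" leaves open which parameters other than ports the configuration has to state, which makes this MUST hard to verify against a heat template or CSAR package. Consider listing the required items explicitly, or restricting the sentence to ports if that is the whole intent.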
@@ -483,6 +493,52 @@ Identity and Access Management Requirements
approved identity lifecycle management tool using a standard protocol,
e.g., NETCONF API.
+.. req::
+ :id: R-931076
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** support account names that contain at least A-Z, a-z,
+ 0-9 character sets and be at least 6 characters in length.
+
+.. req::
+ :id: R-581188
+ :target: VNF
+ :keyword: MUST NOT
+ :introduced: casablanca
+
+ A failed authentication attempt **MUST NOT** identify the reason for the
+ failure to the user, only that the authentication failed.
+
+.. req::
+ :id: R-479386
+ :target: VNF
+ :keyword: MUST NOT
+ :introduced: casablanca
+
+ The VNF **MUST NOT** display "Welcome" notices or messages that could
+ be misinterpreted as extending an invitation to unauthorized users.
+
+.. req::
+ :id: R-231402
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** provide a means for the user to explicitly logout, thus
+ ending that session for that authenticated user.
+
+.. req::
+ :id: R-45719
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST**, if not integrated with the Operator's Identity and Access
+ Management system, or enforce a configurable "terminate idle sessions"
+ policy by terminating the session after a configurable period of inactivity.
+
VNF API Security Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
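Review bot: R-45719 does not parse: "MUST, if not integrated with the Operator's Identity and Access Management system, or enforce a configurable ..." has a stray "or" with no verb before it, so it reads as if the first half of an "either ... or" was dropped. Restore the missing clause or delete the "or" so the obligation is unambiguous. Two smaller points in the same hunk: R-581188 is declared with ":target: VNF" but its sentence has "A failed authentication attempt" as the subject, and rewording it to "The VNF MUST NOT ..." would match the other requirements; and R-931076 should say whether "at least 6 characters in length" is a minimum the VNF enforces or a length it must be able to accept.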
@@ -919,6 +975,45 @@ Security Analytics Requirements
attacks, both volumetric and non-volumetric, or integrate with external
denial of service protection tools.
+.. req::
+ :id: R-629534
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** be capable of automatically synchronizing the system clock
+ daily with the Operator's trusted time source, to assure accurate time
+ reporting in log files. It is recommended that Coordinated Universal Time
+ (UTC) be used where possible, so as to eliminate ambiguity owing to daylight
+ savings time.
+
+.. req::
+ :id: R-303569
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** log the Source IP address in the security audit logs.
+
+.. req::
+ :id: R-703767
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** have the capability to securely transmit the security logs
+ and security events to a remote system before they are purged from the
+ system.
+
+.. req::
+ :id: R-465236
+ :target: VNF
+ :keyword: SHOULD
+ :introduced: casablanca
+
+ The VNF **SHOULD** provide the capability of maintaining the integrity of
+ its static files using a cryptographic method.
+
VNF Data Protection Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
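Review bot: R-629534 places a non-normative sentence ("It is recommended that Coordinated Universal Time (UTC) be used where possible") inside a MUST requirement, so a reader cannot tell whether UTC is part of what is being tested. Move it to a separate SHOULD requirement or to a note outside the directive, and change "daylight savings time" to "daylight saving time". In the same hunk, R-303569 says only "log the Source IP address in the security audit logs" without stating the source of what (which events or connections), and "securely transmit" in R-703767 and "a cryptographic method" in R-465236 give no criterion a tester could check. A short qualifier on each would make them verifiable.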