diff options
| author |   Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-10 18:02:42 +0000 |
|---|---|---|
| committer | Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-10 18:02:42 +0000 |
| commit | 29b40f43e5102f5289495a93044e5b71a3003ec3 (patch) | |
| tree | f2b1aa3db048f23cb227722319cfce806f907b3d /docs/Chapter4/Security.rst | |
| parent | 5052284bcd1480ed3486acf1ef3750347a573a3d (diff) | |
VNFRQS - Cryptography Reqs Batch 1
Including changes for VNFRQTS - 435, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434
Issue-ID: VNFRQTS-435
Change-Id: I5e4e32e7d56b601815b6b6d550d135dba3db3446
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Diffstat (limited to 'docs/Chapter4/Security.rst')
| -rw-r--r-- | docs/Chapter4/Security.rst | 104 |
1 files changed, 62 insertions, 42 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 384f07e..6f3f0b8 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -472,13 +472,6 @@ Identity and Access Management Requirements Authorization Server. .. req:: - :id: R-48080 - :target: VNF - :keyword: SHOULD - - The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). - -.. req:: :id: R-75041 :target: VNF :keyword: MUST @@ -1016,14 +1009,6 @@ Data Protection Requirements requiring encryption, the virtual memory should be encrypted. .. req:: - :id: R-93860 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide the capability to integrate with an - external encryption service. - -.. req:: :id: R-73067 :target: VNF :keyword: MUST @@ -1063,59 +1048,98 @@ Data Protection Requirements versions of cryptographic algorithms and protocols with minimal impact. .. req:: - :id: R-44723 + :id: R-95864 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** use symmetric keys of at least 112 bits in length. + The VNF **MUST** support digital certificates that comply with X.509 + standards. .. req:: - :id: R-25401 + :id: R-12110 + :target: VNF + :keyword: MUST NOT + + The VNF **MUST NOT** use keys generated or derived from + predictable functions or values, e.g., values considered predictable + include user identity information, time of day, stored/transmitted data. + +.. req:: + :id: R-69610 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** use asymmetric keys of at least 2048 bits in length. + The VNF **MUST** provide the capability of using X.509 certificates + issued by an external Certificate Authority. .. req:: - :id: R-95864 + :id: R-47204 :target: VNF :keyword: MUST :updated: casablanca - The VNF **MUST** support digital certificates that comply with X.509 - standards. + The VNF **MUST** be capable of protecting the confidentiality and integrity + of data at rest and in transit from unauthorized access and modification. + + +VNF Cryptography Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This section covers VNF cryptography requirements that are mostly +applicable to encryption or protocol meethods. .. req:: - :id: R-12110 + :id: R-48080 :target: VNF - :keyword: MUST NOT + :keyword: SHOULD + :updated: casablanca - The VNF **MUST NOT** use keys generated or derived from - predictable functions or values, e.g., values considered predictable - include user identity information, time of day, stored/transmitted data. + The VNF **SHOULD** support an automated certificate management protocol + such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or + Automated Certificate Management Environment (ACME). .. req:: - :id: R-52060 + :id: R-93860 + :target: VNF + :keyword: SHOULD + :updated: casablanca + + The VNF **SHOULD** provide the capability to integrate with an + external encryption service. + +.. req:: + :id: R-44723 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** provide the capability to configure encryption - algorithms or devices so that they comply with the laws of the jurisdiction - in which there are plans to use data encryption. + The VNF **MUST** use symmetric keys of at least 112 bits in length. .. req:: - :id: R-69610 + :id: R-25401 :target: VNF :keyword: MUST :updated: casablanca - The VNF **MUST** provide the capability of using X.509 certificates - issued by an external Certificate Authority. + The VNF **MUST** use asymmetric keys of at least 2048 bits in length. + +.. req:: + :id: R-52060 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** provide the capability to configure encryption + algorithms or devices so that they comply with the laws of the jurisdiction + in which there are plans to use data encryption. .. req:: :id: R-83500 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of allowing certificate renewal and revocation. @@ -1124,6 +1148,7 @@ Data Protection Requirements :id: R-29977 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the CA signature on the certificate. @@ -1132,6 +1157,7 @@ Data Protection Requirements :id: R-24359 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the date the certificate is being @@ -1141,6 +1167,7 @@ Data Protection Requirements :id: R-39604 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by checking the Certificate Revocation @@ -1151,16 +1178,9 @@ Data Protection Requirements :id: R-75343 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by recognizing the identity represented by the certificate - the "distinguished name". -.. req:: - :id: R-47204 - :target: VNF - :keyword: MUST - :updated: casablanca - - The VNF **MUST** be capable of protecting the confidentiality and integrity - of data at rest and in transit from unauthorized access and modification.
\ No newline at end of file |