summaryrefslogtreecommitdiffstats
path: root/docs/Chapter4
diff options
context:
space:
mode:
authorBozawglanian, Hagop (hb755d) <hb755d@att.com>2018-08-30 20:05:02 +0000
committerBozawglanian, Hagop (hb755d) <hb755d@att.com>2018-08-30 22:16:53 +0000
commitd57c071136e492a4e4d2f83df389a96b16ec7bb3 (patch)
tree27cdda9cd5bb55173b36581688c1800464becbd2 /docs/Chapter4
parent2856dba4b5cb67dd6dde80e52bf1e8645503528b (diff)
VNFRQTS - Rewording Security Req Batch 2
Including changes for VNFRQTS-302, 312, 314, 322, 339 Issue-ID: VNFRQTS-302 Change-Id: I21e8efc1c305d3f2a1881bac533e665255a8c83b Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Diffstat (limited to 'docs/Chapter4')
-rw-r--r--docs/Chapter4/Security.rst28
1 files changed, 14 insertions, 14 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 5c4b6fe..7197e7c 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -80,12 +80,10 @@ the product’s lifecycle.
:id: R-23740
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** accommodate the security principle of
- "least privilege" during development, implementation and operation.
- The importance of "least privilege" cannot be overstated and must be
- observed in all aspects of VNF development and not limited to security.
- This is applicable to all sections of this document.
+ The VNF **MUST** implement and enforce the principle of least privilege
+ on all protected interfaces.
.. req::
:id: R-61354
@@ -161,10 +159,10 @@ the product’s lifecycle.
:id: R-19768
:target: VNF
:keyword: SHOULD
+ :updated: casablanca
- The VNF **SHOULD** support L3 VPNs that enable segregation of
- traffic by application (dropping packets not belonging to the VPN) (i.e.,
- AVPN, IPSec VPN for Internet routes).
+ The VNF **SHOULD** support Layer 3 VPNs that enable segregation of
+ traffic by application (i.e., AVPN, IPSec VPN for Internet routes).
.. req::
:id: R-33981
@@ -179,9 +177,10 @@ the product’s lifecycle.
:id: R-40813
:target: VNF
:keyword: SHOULD
+ :updated: casablanca
The VNF **SHOULD** support the use of virtual trusted platform
- module, hypervisor security testing and standards scanning tools.
+ module.
.. req::
:id: R-56904
@@ -280,9 +279,10 @@ the product’s lifecycle.
:id: R-62498
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST**, if not using the NCSPs IDAM API, encrypt
- OA&M access (e.g., SSH, SFTP).
+ The VNF **MUST** support encrypted access protocols, e.g., TLS,
+ SSH, SFTP.
.. req::
:id: R-79107
@@ -406,10 +406,10 @@ Identity and Access Management Requirements
:id: R-99174
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** comply with Individual Accountability
- (each person must be assigned a unique ID) when persons or non-person
- entities access VNFs.
+ The VNF **MUST** allow the creation of multiple IDs so that
+ individual accountability can be supported.
.. req::
:id: R-42874