author | Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-07 20:50:31 +0000 |
---|---|---|
committer | Bozawglanian, Hagop (hb755d) <hb755d@att.com> | 2018-09-07 20:50:31 +0000 |
commit | 5052284bcd1480ed3486acf1ef3750347a573a3d (patch) | |
tree | a234bfc3830db391fa8496c1a830e8d3d0fdcc37 /docs/Chapter4 | |
parent | 05dab0b4aed15917c7e7429465642e90cc10cb74 (diff) |
VNFRQTS - Reword and Move Security Req Batch 1
Including changes for VNFRQTS - 333, 334, 374, 378, 407, 409
Issue-ID: VNFRQTS-333
Change-Id: I336ae80a7c92887b06050a6bbe5d1a8d42f68008
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Diffstat (limited to 'docs/Chapter4')
-rw-r--r-- | docs/Chapter4/Security.rst | 110 |
1 files changed, 57 insertions, 53 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 6503d0c..384f07e 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -226,15 +226,6 @@ the product’s lifecycle. Application levels as appropriate. .. req:: - :id: R-98391 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, support - Role-Based Access Control to permit/limit the user/application to - performing specific activities. - -.. req:: :id: R-62498 :target: VNF :keyword: MUST @@ -265,14 +256,6 @@ the product’s lifecycle. with the NCSP's credential management policy. .. req:: - :id: R-75041 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, expire - passwords at regular configurable intervals. - -.. req:: :id: R-46908 :target: VNF :keyword: MUST @@ -330,6 +313,27 @@ the product’s lifecycle. accesses the resources of another system, and must never conceal individual accountability. +.. req:: + :id: R-80335 + :target: VNF + :keyword: MUST + :updated: casablanca + + For all GUI and command-line interfaces, the VNF **MUST** provide the + ability to present a warning notice that is set by the Operator. A warning + notice is a formal statement of resource intent presented to everyone + who accesses the system. + +.. req:: + :id: R-19082 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** allow the Operator to disable or remove any security + testing tools or programs included in the VNF, e.g., password cracker, + port scanner. + VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -397,14 +401,6 @@ Identity and Access Management Requirements The VNF **MUST NOT** allow vendor access to VNFs remotely. .. req:: - :id: R-34552 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide or support the Identity and Access - Management (IDAM) based threat detection data for OWASP Top 10. - -.. req:: :id: R-59391 :target: VNF :keyword: MUST @@ -417,17 +413,6 @@ Identity and Access Management Requirements uniquely identifies the individual performing the function. .. req:: - :id: R-80335 - :target: VNF - :keyword: MUST - - The VNF **MUST** make visible a Warning Notice: A formal - statement of resource intent, i.e., a warning notice, upon initial - access to a VNF provider user who accesses private internal networks - or Company computer resources, e.g., upon initial logon to an internal - web site, system or application which requires authentication. - -.. req:: :id: R-64503 :target: VNF :keyword: MUST @@ -478,15 +463,6 @@ Identity and Access Management Requirements to restrict access to VNF functions and data to authorized entities. .. req:: - :id: R-19082 - :target: VNF - :keyword: MUST NOT - - The VNF **MUST NOT** run security testing tools and - programs, e.g., password cracker, port scanners, hacking tools - in production, without authorization of the VNF system owner. - -.. req:: :id: R-85419 :target: VNF :keyword: SHOULD 
@@ -502,6 +478,25 @@ Identity and Access Management Requirements The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). +.. req:: + :id: R-75041 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated the Operator's Identity and Access + Management system, support configurable password expiration. + +.. req:: + :id: R-98391 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated with the Operator's Identity and + Access Management system, support Role-Based Access Control to enforce + least privilege. + VNF API Security Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -538,14 +533,6 @@ API Requirements represented by the certificate where PKI-based authentication is used. .. req:: - :id: R-47204 - :target: VNF - :keyword: MUST - - The VNF **MUST** protect the confidentiality and integrity of - data at rest and in transit from unauthorized access and modification. - -.. req:: :id: R-33488 :target: VNF :keyword: MUST @@ -971,6 +958,15 @@ Security Analytics Requirements routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. +.. req:: + :id: R-34552 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** be implemented so that it is not vulnerable to OWASP + Top 10 web application security risks. + VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -1160,3 +1156,11 @@ Data Protection Requirements validity of a digital certificate by recognizing the identity represented by the certificate - the "distinguished name". +.. req:: + :id: R-47204 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** be capable of protecting the confidentiality and integrity + of data at rest and in transit from unauthorized access and modification.
\ No newline at end of file |
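Review bot: R-19082 in the hunk at @@ -313,6 +330,27 keeps its id but now states a different obligation. The removed text said the VNF MUST NOT run security testing tools in production without authorization of the VNF system owner; the new text only says the VNF MUST allow the Operator to disable or remove such tools, so nothing in the reworded requirement prohibits running them any longer. If dropping the prohibition is intended, say so in the commit message; otherwise keep it as a separate requirement. In the same hunk, R-80335 no longer says when the warning notice is shown (the old text said "upon initial access"); consider stating that it is presented at or before logon.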
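Review bot: R-75041 in the hunk at @@ -502,6 +478,25 is missing a word: "if not integrated the Operator's Identity and Access Management system" should read "if not integrated with the Operator's Identity and Access Management system", matching R-98391 directly below it. The rewording also drops "at regular configurable intervals" in favour of "configurable password expiration"; if the interval is what must be configurable, say so explicitly so the requirement stays testable.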
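Review bot: R-34552 in the hunk at @@ -971,6 +958,15 is hard to verify as written, because "not vulnerable to OWASP Top 10 web application security risks" names no edition of the list and the list changes between editions. Suggest naming the edition or saying "the current OWASP Top 10 at time of delivery". The requirement is also appended at the end of the Security Analytics Requirements section, immediately before the "VNF Data Protection Requirements" heading, although the new text is an implementation requirement rather than an analytics one; the general security section, where this commit places R-80335 and R-19082, looks like a better fit.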
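Review bot: R-47204 in the hunk at @@ -1160,3 +1156,11 is weakened by the rewording from "MUST protect the confidentiality and integrity of data" to "MUST be capable of protecting": a VNF that ships with protection available but turned off would satisfy the new text. If the intent is that the Operator decides where to enable it, state that directly; otherwise keep "MUST protect". The hunk also leaves Security.rst without a trailing newline ("\ No newline at end of file"); add one after the last line of the requirement.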