author | 2018-09-17 18:02:14 +0000 | |
---|---|---|
committer | 2018-09-17 18:02:14 +0000 | |
commit | ad19e47bcf16bd3e6416628761cc3c5f66175772 (patch) | |
tree | 5b45ed32b8d4c9ae81226af115f7054f11bb5009 /docs/Chapter4 | |
parent | 7188bd47e219f83405ba8296ebfcdf054e25a998 (diff) |
VNFRQTS - Reword and Move Security Batch 2
Including changes for VNFRQTS-335, 375, 376
Issue-ID: VNFRQTS-335
Change-Id: I1a41cfe71cc8adba322368490f8368e2ae64d65a
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Diffstat (limited to 'docs/Chapter4')
-rw-r--r-- | docs/Chapter4/Security.rst | 79 |
1 files changed, 40 insertions, 39 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index f35d4c7..2c3c47d 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -209,19 +209,6 @@ the product’s lifecycle. SSH, SFTP. .. req:: - :id: R-79107 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, enforce - a configurable maximum number of Login attempts policy for the users. - VNF provider must comply with "terminate idle sessions" policy. - Interactive sessions must be terminated, or a secure, locking screensaver - must be activated requiring authentication, after a configurable period - of inactivity. The system-based inactivity timeout for the enterprise - identity and access management system must also be configurable. - -.. req:: :id: R-35144 :target: VNF :keyword: MUST @@ -230,24 +217,6 @@ the product’s lifecycle. with the NCSP's credential management policy. .. req:: - :id: R-46908 - :target: VNF - :keyword: MUST - - The VNF **MUST**, if not using the NCSP's IDAM API, comply - with "password complexity" policy. When passwords are used, they shall - be complex and shall at least meet the following password construction - requirements: (1) be a minimum configurable number of characters in - length, (2) include 3 of the 4 following types of characters: - upper-case alphabetic, lower-case alphabetic, numeric, and special, - (3) not be the same as the UserID with which they are associated or - other common strings as specified by the environment, (4) not contain - repeating or sequential characters or numbers, (5) not to use special - characters that may have command functions, and (6) new passwords must - not contain sequences of three or more characters from the previous - password. - -.. req:: :id: R-39342 :target: VNF :keyword: MUST 
@@ -308,6 +277,15 @@ the product’s lifecycle. testing tools or programs included in the VNF, e.g., password cracker, port scanner. +.. req:: + :id: R-21819 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** provide functionality that enables the Operator to comply + with requests for information from law enforcement and government agencies. + VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -441,6 +419,37 @@ Identity and Access Management Requirements Access Management system, support Role-Based Access Control to enforce least privilege. +.. req:: + :id: R-46908 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated with the Operator's Identity + and Access Management system, comply with "password complexity" + policy. When passwords are used, they shall be complex and shall at + least meet the following password construction requirements: (1) be a + minimum configurable number of characters in length, (2) include 3 of + the 4 following types of characters: upper-case alphabetic, lower-case + alphabetic, numeric, and special, (3) not be the same as the UserID + with which they are associated or other common strings as specified + by the environment, (4) not contain repeating or sequential characters + or numbers, (5) not to use special characters that may have command + functions, and (6) new passwords must not contain sequences of three + or more characters from the previous password. + +.. req:: + :id: R-79107 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST**, if not integrated with the Operator's Identity + and Access Management system, support the ability to disable the + userID after a configurable number of consecutive unsuccessful + authentication attempts using the same userID. + + VNF API Security Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -844,14 +853,6 @@ Security Analytics Requirements abuse detection. .. req:: - :id: R-21819 - :target: VNF - :keyword: MUST - - The VNF **MUST** support requests for information from law - enforcement and government agencies. - -.. req:: :id: R-04492 :target: VNF :keyword: MUST |
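Review bot: In the @@ -209 hunk, removing the old R-79107 text drops the idle-session requirement (interactive sessions terminated or locked "after a configurable period of inactivity"), and the replacement R-79107 added in the @@ -441 hunk covers only disabling the userID after failed authentication attempts. Nothing visible in this patch re-homes the inactivity timeout. Unless a requirement outside this diff already carries it, add a separate requirement for idle-session termination so it is not lost in the reword.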
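Review bot: The new R-21819 text in the @@ -308 hunk ("provide functionality that enables the Operator to comply with requests for information") does not say what functionality is expected, so a VNF provider cannot tell what to deliver and a tester cannot tell what to verify. Name the capability that is meant, or reference the requirement(s) that define it, so the **MUST** is checkable.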
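Review bot: The reworded R-79107 in the @@ -441 hunk requires the ability to "disable the userID after a configurable number of consecutive unsuccessful authentication attempts" but does not say how or when a disabled userID is re-enabled, which leaves lockout of legitimate accounts unaddressed. State whether re-enablement is administrative, time-based, or both, and make any duration configurable. In R-46908 in the same hunk, item (5) reads "not to use special characters that may have command functions" where the other items use "not be" and "not contain"; change it to "not use". Note also that item (2) requires special characters while item (5) excludes an unspecified subset of them. Finally, the unchanged context around R-35144 still says "the NCSP's credential management policy" while these two requirements now say "the Operator's", so the terminology is mixed within the file.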