summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorLovett, Trevor (tl2972) <tl2972@att.com>2018-09-21 09:37:21 -0500
committerLovett, Trevor (tl2972) <tl2972@att.com>2018-09-21 09:47:01 -0500
commit3be95938727c72a4a36c66ff756c759c79439671 (patch)
treed9e728ec12cb82edfd544de20f5d6bfe892c3a04 /docs
parent80801137ba1fc23baddce99242ae67e1c71068fb (diff)
VNFRQTS - Security logging requirements
Change-Id: I68dd17f5930c65961f25fd49e790a44f095dfd2d Issue-ID: VNFRQTS-443 Signed-off-by: Lovett, Trevor (tl2972) <tl2972@att.com>
Diffstat (limited to 'docs')
-rw-r--r--docs/Chapter4/Security.rst15
-rwxr-xr-xdocs/Chapter7/Monitoring-And-Management.rst10
-rw-r--r--docs/data/needs.json67
3 files changed, 85 insertions, 7 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 940f1d7..9b4f5f7 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -246,6 +246,17 @@ the product’s lifecycle.
The VNF **MUST NOT** allow vendor access to VNFs remotely.
+.. req::
+ :id: R-638682
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+ :validation_mode: in_service
+
+ The VNF **MUST** log any security event required by the VNF Requirements to
+ Syslog using LOG_AUTHPRIV for any event that would contain sensitive
+ information and LOG_AUTH for all other relevant events.
+
VNF Identity and Access Management Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -288,10 +299,10 @@ Identity and Access Management Requirements
.. req::
:id: R-59391
:target: VNF
- :keyword: MUST
+ :keyword: MUST NOT
:updated: casablanca
- The VNF MUST NOT not allow the assumption of the permissions of
+ The VNF **MUST NOT** not allow the assumption of the permissions of
another account to mask individual accountability.
.. req::
diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst
index f3043a7..d622b5a 100755
--- a/docs/Chapter7/Monitoring-And-Management.rst
+++ b/docs/Chapter7/Monitoring-And-Management.rst
@@ -800,6 +800,16 @@ Asynchronous and Synchronous Data Delivery
in the future as they become standardized and are made available.)
.. req::
+ :id: R-332680
+ :target: XNF
+ :keyword: SHOULD
+ :impacts: dcae
+ :validation_mode: in_service
+
+ The xNF **SHOULD** deliver all syslog messages to the VES Collector per the
+ specifications in Monitoring and Management chapter.
+
+.. req::
:id: R-46290
:target: XNF
:keyword: MUST
diff --git a/docs/data/needs.json b/docs/data/needs.json
index fdef144..8d6aabc 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-09-21T09:04:14.699000",
+ "created": "2018-09-21T09:36:46.582000",
"current_version": "casablanca",
"project": "",
"versions": {
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-09-21T09:04:14.699000",
+ "created": "2018-09-21T09:36:46.582000",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's parameter defined\nin a nested YAML file\n**MUST NOT** have a parameter constraint defined.",
@@ -28740,6 +28740,35 @@
"validated_by": "",
"validation_mode": ""
},
+ "R-332680": {
+ "description": "The xNF **SHOULD** deliver all syslog messages to the VES Collector per the\nspecifications in Monitoring and Management chapter.",
+ "full_title": "",
+ "hide_links": "",
+ "id": "R-332680",
+ "impacts": "dcae",
+ "introduced": "",
+ "keyword": "SHOULD",
+ "links": [],
+ "notes": "",
+ "section_name": "Asynchronous and Synchronous Data Delivery",
+ "sections": [
+ "Asynchronous and Synchronous Data Delivery",
+ "Monitoring & Management Requirements",
+ "Monitoring & Management"
+ ],
+ "status": null,
+ "tags": [],
+ "target": "XNF",
+ "test": "",
+ "test_case": "",
+ "test_file": "",
+ "title": "",
+ "title_from_content": "",
+ "type_name": "Requirement",
+ "updated": "",
+ "validated_by": "",
+ "validation_mode": "in_service"
+ },
"R-33280": {
"description": "The xNF **MUST NOT** use any instance specific parameters\nin a playbook.",
"full_title": "",
@@ -34178,13 +34207,13 @@
"validation_mode": ""
},
"R-59391": {
- "description": "The VNF MUST NOT not allow the assumption of the permissions of\nanother account to mask individual accountability.",
+ "description": "The VNF **MUST NOT** not allow the assumption of the permissions of\nanother account to mask individual accountability.",
"full_title": "",
"hide_links": "",
"id": "R-59391",
"impacts": "",
"introduced": "",
- "keyword": "MUST",
+ "keyword": "MUST NOT",
"links": [],
"notes": "",
"section_name": "VNF Identity and Access Management Requirements",
@@ -34920,6 +34949,34 @@
"validated_by": "",
"validation_mode": ""
},
+ "R-638682": {
+ "description": "The VNF **MUST** log any security event required by the VNF Requirements to\nSyslog using LOG_AUTHPRIV for any event that would contain sensitive\ninformation and LOG_AUTH for all other relevant events.",
+ "full_title": "",
+ "hide_links": "",
+ "id": "R-638682",
+ "impacts": "",
+ "introduced": "casablanca",
+ "keyword": "MUST",
+ "links": [],
+ "notes": "",
+ "section_name": "VNF General Security Requirements",
+ "sections": [
+ "VNF General Security Requirements",
+ "VNF Security"
+ ],
+ "status": null,
+ "tags": [],
+ "target": "VNF",
+ "test": "",
+ "test_case": "",
+ "test_file": "",
+ "title": "",
+ "title_from_content": "",
+ "type_name": "Requirement",
+ "updated": "",
+ "validated_by": "",
+ "validation_mode": "in_service"
+ },
"R-63935": {
"description": "The xNF **MUST** release locks to prevent permanent lock-outs\nwhen a user configured timer has expired forcing the NETCONF SSH Session\ntermination (i.e., product must expose a configuration knob for a user\nsetting of a lock expiration timer).",
"full_title": "",
@@ -42452,7 +42509,7 @@
"validation_mode": "static"
}
},
- "needs_amount": 723
+ "needs_amount": 725
}
}
} \ No newline at end of file