summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/Chapter4/Security.rst84
-rw-r--r--docs/data/needs.json258
2 files changed, 3 insertions, 339 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index a56643d..6503d0c 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -397,17 +397,6 @@ Identity and Access Management Requirements
The VNF **MUST NOT** allow vendor access to VNFs remotely.
.. req::
- :id: R-49945
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** authorize VNF provider access through a
- client application API by the client application owner and the resource
- owner of the VNF before provisioning authorization through Role Based
- Access Control (RBAC), Attribute Based Access Control (ABAC), or other
- policy based mechanism.
-
-.. req::
:id: R-34552
:target: VNF
:keyword: MUST
@@ -428,15 +417,6 @@ Identity and Access Management Requirements
uniquely identifies the individual performing the function.
.. req::
- :id: R-85028
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** authenticate system to system access and
- do not conceal a VNF provider user's individual accountability for
- transactions.
-
-.. req::
:id: R-80335
:target: VNF
:keyword: MUST
@@ -448,17 +428,6 @@ Identity and Access Management Requirements
web site, system or application which requires authentication.
.. req::
- :id: R-73541
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** use access controls for VNFs and their
- supporting computing systems at all times to restrict access to
- authorized personnel only, e.g., least privilege. These controls
- could include the use of system configuration or access control
- software.
-
-.. req::
:id: R-64503
:target: VNF
:keyword: MUST
@@ -475,15 +444,6 @@ Identity and Access Management Requirements
to sensitive commands and data to deny authorization.
.. req::
- :id: R-77157
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** conform to approved request, workflow
- authorization, and authorization provisioning requirements when
- creating privileged users.
-
-.. req::
:id: R-81147
:target: VNF
:keyword: MUST
@@ -518,16 +478,6 @@ Identity and Access Management Requirements
to restrict access to VNF functions and data to authorized entities.
.. req::
- :id: R-89753
- :target: VNF
- :keyword: MUST NOT
-
- The VNF **MUST NOT** install or use systems, tools or
- utilities capable of capturing or logging data that was not created
- by them or sent specifically to them in production, without
- authorization of the VNF system owner.
-
-.. req::
:id: R-19082
:target: VNF
:keyword: MUST NOT
@@ -537,14 +487,6 @@ Identity and Access Management Requirements
in production, without authorization of the VNF system owner.
.. req::
- :id: R-19790
- :target: VNF
- :keyword: MUST NOT
-
- The VNF **MUST NOT** include authentication credentials
- in security audit logs, even if encrypted.
-
-.. req::
:id: R-85419
:target: VNF
:keyword: SHOULD
@@ -576,15 +518,6 @@ security requirements:
API Requirements
-
-.. req::
- :id: R-37608
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** provide a mechanism to restrict access based
- on the attributes of the VNF and the attributes of the subject.
-
.. req::
:id: R-43884
:target: VNF
@@ -595,15 +528,6 @@ API Requirements
authorization services (e.g., IDAM).
.. req::
- :id: R-25878
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** use certificates issued from publicly
- recognized Certificate Authorities (CA) for the authentication process
- where PKI-based authentication is used.
-
-.. req::
:id: R-19804
:target: VNF
:keyword: MUST
@@ -1013,14 +937,6 @@ Security Analytics Requirements
to Security Analytics Tools for analysis.
.. req::
- :id: R-19219
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** provide audit logs that include user ID, dates,
- times for log-on and log-off, and terminal location at minimum.
-
-.. req::
:id: R-30932
:target: VNF
:keyword: MUST
diff --git a/docs/data/needs.json b/docs/data/needs.json
index 8caaa03..8388790 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-09-06T16:25:05.382160",
+ "created": "2018-09-06T17:45:18.112660",
"current_version": "casablanca",
"project": "",
"versions": {
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-09-06T16:25:05.382063",
+ "created": "2018-09-06T17:45:18.112581",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.",
@@ -25456,34 +25456,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-19219": {
- "description": "The VNF **MUST** provide audit logs that include user ID, dates,\ntimes for log-on and log-off, and terminal location at minimum.",
- "full_title": "",
- "hide_links": "",
- "id": "R-19219",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Security Analytics Requirements",
- "sections": [
- "VNF Security Analytics Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-19366": {
"description": "The xNF **MUST** support ONAP Controller's **ConfigModify** command.",
"full_title": "",
@@ -25598,34 +25570,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-19790": {
- "description": "The VNF **MUST NOT** include authentication credentials\nin security audit logs, even if encrypted.",
- "full_title": "",
- "hide_links": "",
- "id": "R-19790",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST NOT",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-19804": {
"description": "The VNF **MUST** validate the CA signature on the certificate,\nensure that the date is within the validity period of the certificate,\ncheck the Certificate Revocation List (CRL), and recognize the identity\nrepresented by the certificate where PKI-based authentication is used.",
"full_title": "",
@@ -27157,34 +27101,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-25878": {
- "description": "The VNF **MUST** use certificates issued from publicly\nrecognized Certificate Authorities (CA) for the authentication process\nwhere PKI-based authentication is used.",
- "full_title": "",
- "hide_links": "",
- "id": "R-25878",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-26115": {
"description": "The xNF **MUST** follow the data model upgrade rules defined\nin [RFC6020] section 10. All deviations from section 10 rules shall\nbe handled by a built-in automatic upgrade mechanism.",
"full_title": "",
@@ -29833,34 +29749,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-37608": {
- "description": "The VNF **MUST** provide a mechanism to restrict access based\non the attributes of the VNF and the attributes of the subject.",
- "full_title": "",
- "hide_links": "",
- "id": "R-37608",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-37692": {
"description": "The VNFC **MUST** provide API versioning to allow for\nindependent upgrades of VNFC.",
"full_title": "",
@@ -32683,34 +32571,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-49945": {
- "description": "The VNF **MUST** authorize VNF provider access through a\nclient application API by the client application owner and the resource\nowner of the VNF before provisioning authorization through Role Based\nAccess Control (RBAC), Attribute Based Access Control (ABAC), or other\npolicy based mechanism.",
- "full_title": "",
- "hide_links": "",
- "id": "R-49945",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-49956": {
"description": "The VNF **MUST** pass all access to applications (Bearer,\nsignaling and OA&M) through various security tools and platforms from\nACLs, stateful firewalls and application layer gateways depending on\nmanner of deployment. The application is expected to function (and in\nsome cases, interwork) with these security tools.",
"full_title": "",
@@ -37034,34 +36894,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-73541": {
- "description": "The VNF **MUST** use access controls for VNFs and their\nsupporting computing systems at all times to restrict access to\nauthorized personnel only, e.g., least privilege. These controls\ncould include the use of system configuration or access control\nsoftware.",
- "full_title": "",
- "hide_links": "",
- "id": "R-73541",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-73560": {
"description": "The xNF Package **MUST** include documentation about monitoring\nparameters/counters exposed for virtual resource management and xNF\napplication management.",
"full_title": "",
@@ -37684,34 +37516,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-77157": {
- "description": "The VNF **MUST** conform to approved request, workflow\nauthorization, and authorization provisioning requirements when\ncreating privileged users.",
- "full_title": "",
- "hide_links": "",
- "id": "R-77157",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-77334": {
"description": "The VNF **MUST** allow configurations and configuration parameters\nto be managed under version control to ensure consistent configuration\ndeployment, traceability and rollback.",
"full_title": "",
@@ -39192,34 +38996,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-85028": {
- "description": "The VNF **MUST** authenticate system to system access and\ndo not conceal a VNF provider user's individual accountability for\ntransactions.",
- "full_title": "",
- "hide_links": "",
- "id": "R-85028",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-85235": {
"description": "When the VNF's Heat Orchestration Template's Resource\n'OS::Neutron::Port' is attaching to an internal network, and an IPv4\naddress is assigned using the property 'fixed_ips' map property 'ip_address'\nand the parameter type is defined as a comma_delimited_list, the parameter\nname **MUST** follow the naming convention\n\n * '{vm-type}\\_int\\_{network-role}_ips'\n\nwhere\n\n * '{vm-type}' is the {vm-type} associated with the OS::Nova::Server\n * '{network-role}' is the {network-role} of the internal network",
"full_title": "",
@@ -40464,34 +40240,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-89753": {
- "description": "The VNF **MUST NOT** install or use systems, tools or\nutilities capable of capturing or logging data that was not created\nby them or sent specifically to them in production, without\nauthorization of the VNF system owner.",
- "full_title": "",
- "hide_links": "",
- "id": "R-89753",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST NOT",
- "links": [],
- "notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
- "sections": [
- "VNF Identity and Access Management Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-89800": {
"description": "The VNF **MUST NOT** require Hypervisor-level customization\nfrom the cloud provider.",
"full_title": "",
@@ -42596,7 +42344,7 @@
"validation_mode": ""
}
},
- "needs_amount": 729
+ "needs_amount": 720
}
}
} \ No newline at end of file