-rw-r--r--docs/Chapter4/Security.rst82
-rw-r--r--docs/data/needs.json286
2 files changed, 3 insertions, 365 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 3899c8b..a56643d 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -662,56 +662,6 @@ API Requirements
Multipurpose Internet Mail Extensions (MIME) type. Input files
should be tested for spoofed MIME types.
-.. req::
- :id: R-23772
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** validate input at all layers implementing VNF APIs.
-
-.. req::
- :id: R-87135
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** comply with NIST standards and industry
- best practices for all implementations of cryptography.
-
-.. req::
- :id: R-02137
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** implement all monitoring and logging as
- described in the Security Analytics section.
-
-.. req::
- :id: R-15659
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** restrict changing the criticality level of
- a system security alarm to administrator(s).
-
-.. req::
- :id: R-19367
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** monitor API invocation patterns to detect
- anomalous access patterns that may represent fraudulent access or
- other types of attacks, or integrate with tools that implement anomaly
- and abuse detection.
-
-.. req::
- :id: R-78066
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** support requests for information from law
- enforcement and government agencies.
-
-
VNF Security Analytics Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -812,15 +762,6 @@ Security Analytics Requirements
as part of VNFs (e.g., PGW, MME).
.. req::
- :id: R-20912
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** support alternative monitoring capabilities
- when VNFs do not expose data or control traffic or use proprietary and
- optimized protocols for inter VNF communication.
-
-.. req::
:id: R-73223
:target: VNF
:keyword: MUST
@@ -870,13 +811,6 @@ Security Analytics Requirements
The VNF **MUST** log logoffs.
.. req::
- :id: R-08598
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** log successful and unsuccessful changes to a privilege level.
-
-.. req::
:id: R-13344
:target: VNF
:keyword: MUST
@@ -1071,22 +1005,6 @@ Security Analytics Requirements
enforcement and government agencies.
.. req::
- :id: R-56786
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** implement "Closed Loop" automatic implementation
- (without human intervention) for Known Threats with detection rate in low
- false positives.
-
-.. req::
- :id: R-25094
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** perform data capture for security functions.
-
-.. req::
:id: R-04492
:target: VNF
:keyword: MUST
diff --git a/docs/data/needs.json b/docs/data/needs.json
index 4c18bc7..8caaa03 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-09-05T20:05:26.621772",
+ "created": "2018-09-06T16:25:05.382160",
"current_version": "casablanca",
"project": "",
"versions": {
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-09-05T20:05:26.621679",
+ "created": "2018-09-06T16:25:05.382063",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.",
@@ -22313,34 +22313,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-02137": {
- "description": "The VNF **MUST** implement all monitoring and logging as\ndescribed in the Security Analytics section.",
- "full_title": "",
- "hide_links": "",
- "id": "R-02137",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-02164": {
"description": "When a VNF's Heat Orchestration Template's Contrail resource\nhas a property that\nreferences an external network that requires the network's\nFully Qualified Domain Name (FQDN), the property parameter\n\n * **MUST** follow the format '{network-role}_net_fqdn'\n * **MUST** be declared as type 'string'\n * **MUST NOT** be enumerated in the NF's Heat Orchestration Template's\n Environment File",
"full_title": "",
@@ -23541,34 +23513,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-08598": {
- "description": "The VNF **MUST** log successful and unsuccessful changes to a privilege level.",
- "full_title": "",
- "hide_links": "",
- "id": "R-08598",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Security Analytics Requirements",
- "sections": [
- "VNF Security Analytics Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-08775": {
"description": "A VNF's Heat Orchestration Template's Resource\nOS::Neutron::SecurityGroup that is applicable to one {vm-type} and\nmore than one network (internal and/or external) Resource ID\n**SHOULD** use the naming convention\n\n * {vm-type}_security_group\n\nwhere\n\n * {vm-type} is the vm-type",
"full_title": "",
@@ -24800,34 +24744,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-15659": {
- "description": "The VNF **MUST** restrict changing the criticality level of\na system security alarm to administrator(s).",
- "full_title": "",
- "hide_links": "",
- "id": "R-15659",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-15671": {
"description": "The VNF **MUST** provide access controls that allow the Operator\nto restrict access to VNF functions and data to authorized entities.",
"full_title": "",
@@ -25597,34 +25513,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-19367": {
- "description": "The VNF **MUST** monitor API invocation patterns to detect\nanomalous access patterns that may represent fraudulent access or\nother types of attacks, or integrate with tools that implement anomaly\nand abuse detection.",
- "full_title": "",
- "hide_links": "",
- "id": "R-19367",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-19624": {
"description": "The xNF **MUST** encode and serialize content delivered to\nONAP using JSON (RFC 7159) plain text format. High-volume data\nis to be encoded and serialized using `Avro <http://avro.apache.org/>`_,\nwhere the Avro [#7.4.1]_ data format are described using JSON.\n\nNote:\n\n - JSON plain text format is preferred for moderate volume data sets\n (option 1), as JSON has the advantage of having well-understood simple\n processing and being human-readable without additional decoding. Examples\n of moderate volume data sets include the fault alarms and performance\n alerts, heartbeat messages, measurements used for xNF scaling and syslogs.\n - Binary format using Avro is preferred for high volume data sets\n (option 2) such as mobility flow measurements and other high-volume\n streaming events (such as mobility signaling events or SIP signaling)\n or bulk data, as this will significantly reduce the volume of data\n to be transmitted. As of the date of this document, all events are\n reported using plain text JSON and REST.\n - Avro content is self-documented, using a JSON schema. The JSON schema is\n delivered along with the data content\n (http://avro.apache.org/docs/current/ ). This means the presence and\n position of data fields can be recognized automatically, as well as the\n data format, definition and other attributes. Avro content can be\n serialized as JSON tagged text or as binary. In binary format, the\n JSON schema is included as a separate data block, so the content is\n not tagged, further compressing the volume. For streaming data, Avro\n will read the schema when the stream is established and apply the\n schema to the received content.",
"full_title": "",
@@ -26081,34 +25969,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-20912": {
- "description": "The VNF **MUST** support alternative monitoring capabilities\nwhen VNFs do not expose data or control traffic or use proprietary and\noptimized protocols for inter VNF communication.",
- "full_title": "",
- "hide_links": "",
- "id": "R-20912",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Security Analytics Requirements",
- "sections": [
- "VNF Security Analytics Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-20947": {
"description": "A VNF's Heat Orchestration Template's Resource\n'OS::ContrailV2::InstanceIp' that is configuring an IPv4 Address\non a sub-interface port attached to a sub-interface network\nResource ID **MUST** use the naming convention\n\n * {vm-type}_{vm-type_index}_subint_{network-role}_vmi_{vmi_index}_IP_{index}\n\nwhere\n\n * {vm-type} is the vm-type\n * {vm-type_index} is the instance of the {vm-type}\n * {network-role} is the network-role of the network\n that the port is attached to\n * {vmi_index} is the instance of the the virtual machine interface\n (e.g., port) on the vm-type\n attached to the network of {network-role}\n * 'IP' signifies that an IPv4 address is being configured\n * {index} is the index of the IPv4 address",
"full_title": "",
@@ -26953,34 +26813,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-23772": {
- "description": "The VNF **MUST** validate input at all layers implementing VNF APIs.",
- "full_title": "",
- "hide_links": "",
- "id": "R-23772",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-23882": {
"description": "The VNF **SHOULD** provide the capability for the Operator to run security\nvulnerability scans of the operating system and all application layers.",
"full_title": "",
@@ -27152,34 +26984,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-25094": {
- "description": "The VNF **MUST** perform data capture for security functions.",
- "full_title": "",
- "hide_links": "",
- "id": "R-25094",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Security Analytics Requirements",
- "sections": [
- "VNF Security Analytics Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-25190": {
"description": "A VNF's Heat Orchestration Template's Resource 'OS::Cinder::Volume'\n**SHOULD NOT** declare the property 'availability_zone'.",
"full_title": "",
@@ -34105,34 +33909,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-56786": {
- "description": "The VNF **MUST** implement \"Closed Loop\" automatic implementation\n(without human intervention) for Known Threats with detection rate in low\nfalse positives.",
- "full_title": "",
- "hide_links": "",
- "id": "R-56786",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF Security Analytics Requirements",
- "sections": [
- "VNF Security Analytics Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-56793": {
"description": "The VNF **MUST** test for adherence to the defined performance\nbudgets at each layer, during each delivery cycle with delivered\nresults, so that the performance budget is measured and the code\nis adjusted to meet performance budget.",
"full_title": "",
@@ -38048,34 +37824,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-78066": {
- "description": "The VNF **MUST** support requests for information from law\nenforcement and government agencies.",
- "full_title": "",
- "hide_links": "",
- "id": "R-78066",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-78116": {
"description": "The xNF **MUST** update status on the Chef Server\nappropriately (e.g., via a fail or raise an exception) if the\nchef-client run encounters any critical errors/failures when\nexecuting a xNF action.",
"full_title": "",
@@ -40171,34 +39919,6 @@
"validated_by": "",
"validation_mode": ""
},
- "R-87135": {
- "description": "The VNF **MUST** comply with NIST standards and industry\nbest practices for all implementations of cryptography.",
- "full_title": "",
- "hide_links": "",
- "id": "R-87135",
- "impacts": "",
- "introduced": "",
- "keyword": "MUST",
- "links": [],
- "notes": "",
- "section_name": "VNF API Security Requirements",
- "sections": [
- "VNF API Security Requirements",
- "VNF Security"
- ],
- "status": null,
- "tags": [],
- "target": "VNF",
- "test": "",
- "test_case": "",
- "test_file": "",
- "title": "",
- "title_from_content": "",
- "type_name": "Requirement",
- "updated": "",
- "validated_by": "",
- "validation_mode": ""
- },
"R-87247": {
"description": "A VNF Heat Orchestration Template's Incremental Module file name\n**MUST** contain only alphanumeric characters and underscores '_' and\n**MUST NOT** contain the case insensitive word 'base'.",
"full_title": "",
@@ -42876,7 +42596,7 @@
"validation_mode": ""
}
},
- "needs_amount": 739
+ "needs_amount": 729
}
}
}
\ No newline at end of file