summaryrefslogtreecommitdiffstats
path: root/docs/Chapter4/Security.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/Chapter4/Security.rst')
-rw-r--r--docs/Chapter4/Security.rst41
1 files changed, 28 insertions, 13 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 0b69e8f..25b767e 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -184,12 +184,17 @@ the product's lifecycle.
SSH, SFTP.
.. req::
- :id: R-35144
- :target: VNF
- :keyword: MUST
+ :id: R-872986
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
- The VNF **MUST**, if not using the NCSP's IDAM API, comply
- with the NCSP's credential management policy.
+ The VNF **MUST** store Authentication Credentials used to authenticate to
+ other systems encrypted except where there is a technical need to store
+ the password unencrypted in which case it must be protected using other
+ security techniques that include the use of file and directory permissions.
+ Ideally, credentials SHOULD rely on a HW Root of Trust, such as a
+ TPM or HSM.
.. req::
:id: R-80335
@@ -357,14 +362,6 @@ Identity and Access Management Requirements
user requires elevated permissions such as root or admin.
.. req::
- :id: R-64503
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** provide minimum privileges for initial
- and default settings for new user accounts.
-
-.. req::
:id: R-86835
:target: VNF
:keyword: MUST
@@ -452,6 +449,15 @@ Identity and Access Management Requirements
password.
.. req::
+ :id: R-844011
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF MUST not store authentication credentials to itself in clear
+ text or any reversible form and must use salting.
+
+.. req::
:id: R-79107
:target: VNF
:keyword: MUST
@@ -1014,6 +1020,15 @@ Security Analytics Requirements
The VNF **SHOULD** provide the capability of maintaining the integrity of
its static files using a cryptographic method.
+.. req::
+ :id: R-859208
+ :target: VNF
+ :keyword: MUST
+ :introduced: casablanca
+
+ The VNF **MUST** log automated remote activities performed with
+ elevated privileges.
+
VNF Data Protection Requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^