summaryrefslogtreecommitdiffstats
path: root/docs/Chapter4
diff options
context:
space:
mode:
Diffstat (limited to 'docs/Chapter4')
-rw-r--r--docs/Chapter4/Security.rst24
1 files changed, 14 insertions, 10 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 1757be6..114772b 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -101,8 +101,9 @@ the product’s lifecycle.
:keyword: SHOULD
:updated: casablanca
- The VNF **SHOULD** provide a mechanism for performing automated
- system configuration auditing at configurable time intervals.
+ The VNF **SHOULD** provide a mechanism that enables the operators to
+ perform automated system configuration auditing at configurable time
+ intervals.
.. req::
:id: R-23882
@@ -140,8 +141,9 @@ the product’s lifecycle.
:keyword: SHOULD
:updated: casablanca
- The VNF **SHOULD** support Layer 3 VPNs that enable segregation of
- traffic by application (i.e., AVPN, IPSec VPN for Internet routes).
+ The VNF **SHOULD** support network segregation, i.e., separation of OA&M
+ traffic from signaling and payload traffic, using technologies such as
+ VPN and VLAN.
.. req::
:id: R-40813
@@ -253,7 +255,8 @@ Identity and Access Management Requirements
:keyword: MUST
:updated: casablanca
- The VNF **MUST** allow the creation of multiple IDs so that
+ The VNF **MUST**, if not integrated with the Operator's Identity and
+ Access Management system, support the creation of multiple IDs so that
individual accountability can be supported.
.. req::
@@ -273,9 +276,9 @@ Identity and Access Management Requirements
:keyword: MUST
:updated: casablanca
- Each layer of the VNF **MUST** support access restriction
- independently of all other layers so that Segregation of Duties
- can be implemented.
+ Each architectural layer of the VNF (eg. operating system, network,
+ application) **MUST** support access restriction independently of all
+ other layers so that Segregation of Duties can be implemented.
.. req::
:id: R-59391
@@ -283,8 +286,9 @@ Identity and Access Management Requirements
:keyword: MUST NOT
:updated: casablanca
- The VNF **MUST NOT** not allow the assumption of the permissions of
- another account to mask individual accountability.
+ The VNF **MUST NOT** allow the assumption of the permissions of another
+ account to mask individual accountability. For example, use SUDO when a
+ user requires elevated permissions such as root or admin.
.. req::
:id: R-64503