diff options
Diffstat (limited to 'docs/Chapter8.rst')
| -rw-r--r-- | docs/Chapter8.rst | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/docs/Chapter8.rst b/docs/Chapter8.rst index d9b6ea1..fbe2d89 100644 --- a/docs/Chapter8.rst +++ b/docs/Chapter8.rst @@ -518,7 +518,7 @@ Table C8. Required Fields for Amount d. – Requirement List ================================== -R-11200: The VNF MUST keep the scope of a Cinder volume module, when it exists, to be 1:1 with the VNF Base Module or Incremental Module. +R-11200: The VNF **MUST** keep the scope of a Cinder volume module, when it exists, to be 1:1 with the VNF Base Module or Incremental Module. R-01334: The VNF **MUST** conform to the NETCONF RFC 5717, “Partial Lock Remote Procedure Call”. @@ -542,7 +542,7 @@ R-62498: The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt OA&M acce R-42366: The VNF **MUST** support secure connections and transports. -R-33955: The VNF **SHOULD** conform its YANG model to \*\*RFC 6991, “Common YANG Data Types”. +R-33955: The VNF **SHOULD** conform its YANG model to RFC 6991, “Common YANG Data Types”. R-33488: The VNF **MUST** protect against all denial of service attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools. @@ -604,7 +604,7 @@ R-21558: The VNF **SHOULD** use intelligent routing by having knowledge of multi R-07545: The VNF **MUST** support all operations, administration and management (OAM) functions available from the supplier for VNFs using the supplied YANG code and associated NETCONF servers. -R-73541: The VNF **MIST** use access controls for VNFs and their supporting computing systems at all times to restrict access to authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. +R-73541: The VNF **MUST** use access controls for VNFs and their supporting computing systems at all times to restrict access to authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. R-97102: The VNF Package **MUST** include VM requirements via a Heat template that provides the necessary data for: @@ -850,7 +850,7 @@ R-75608: The VNF provider **MUST** provide playbooks to be loaded on the appropr R-61354: The VNF **MUST** implement access control list for OA&M services (e.g., restricting access to certain ports or applications). -R-62468: The VNF **MUST** allow all configuration data shall to be edited through a NETCONF <edit-config> operation. Proprietary NETCONF RPCs that make configuration changes are not sufficient. +R-62468: The VNF **MUST** allow all configuration data to be edited through a NETCONF <edit-config> operation. Proprietary NETCONF RPCs that make configuration changes are not sufficient. R-34552: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for OWASP Top 10. @@ -908,7 +908,7 @@ R-09467: The VNF **MUST** utilize only NCSP standard compute flavors. [5]_ R-62170: The VNF **MUST** over-ride any default values for configurable parameters that can be set by ONAP in the roles, cookbooks and recipes. -R-41994: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "No Self-Signed Certificates" policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as LS 1.1 or higher or equivalent security protocols such as IPSec, AES. +R-41994: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "No Self-Signed Certificates" policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as TLS 1.2 or higher or equivalent security protocols such as IPSec, AES. R-38474: The VNF **MUST** have a corresponding environment file for a Base Module. @@ -1038,7 +1038,7 @@ R-98391: The VNF **MUST**, if not using the NCSP’s IDAM API, support Role-Base R-29967: The VNF **MUST** conform its YANG model to RFC 6022, “YANG module for NETCONF monitoring”. -R-80335: The VNF **MUST** make visible a Warning Notices: A formal statement of resource intent, i.e., a warning notice, upon initial access to a VNF provider user who accesses private internal networks or Company computer resources, e.g., upon initial logon to an internal web site, system or application which requires authentication. +R-80335: The VNF **MUST** make visible a Warning Notice: A formal statement of resource intent, i.e., a warning notice, upon initial access to a VNF provider user who accesses private internal networks or Company computer resources, e.g., upon initial logon to an internal web site, system or application which requires authentication. R-48596: The VNF Package **MUST** include documentation describing the characteristics for the VNF reliability and high availability. @@ -1088,7 +1088,7 @@ R-47597: The VNF **MUST** carry data in motion only over secure connections. R-43253: The VNF **MUST** use playbooks designed to allow Ansible Server to infer failure or success based on the “PLAY_RECAP” capability. -R-23135: The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate system to system communications were one system accesses the resources of another system, and must never conceal individual accountability. +R-23135: The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate system to system communications where one system accesses the resources of another system, and must never conceal individual accountability. R-99730: The VNF **MUST** include the field “Login ID” in the Security alarms (where applicable and technically feasible). @@ -1104,7 +1104,7 @@ R-35291: The VNF **MUST** support the ability to failover a VNFC automatically t R-43332: The VNF **MUST** activate security alarms automatically when the following event is detected: successful modification of critical system or application files -R-81147: The VNF **MUST** have greater restrictions for access and execution, such as up to 3 factors of authentication and restricted authorization, for commands affecting network services, such as commands relating to VNFs, must. +R-81147: The VNF **MUST** have greater restrictions for access and execution, such as up to 3 factors of authentication and restricted authorization, for commands affecting network services, such as commands relating to VNFs. R-60656: The VNF **MUST** support sub tree filtering. @@ -1299,8 +1299,8 @@ e. - Ansible Playbook Examples The following sections contain examples of Ansible playbook contents which follow the guidelines. -Guidelines for Playbooks to properly integrate with APPC -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Guidelines for Playbooks to properly integrate with APPC +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTE: To support concurrent requests to multiple VNF instances of same or different type, VNF hosts and other files with VNF specific default @@ -1403,9 +1403,7 @@ by underscore: oam: {vnfc_name: {{ vm_config_oam_vnfc_name }}, hostname: {{ vm_config_oam_hostname }}, provider_ip_address: {{ vm_config_oam_provider_ip_address } - }, - … Parameters like VNF names, VNFC names, OA&M IP addresses, after @@ -1886,4 +1884,4 @@ developed playbooks for the VNF. under consideration. .. [7] - Multiple ONAP actions may map to one playbook.
\ No newline at end of file + Multiple ONAP actions may map to one playbook. |