summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/Chapter4/Security.rst104
-rw-r--r--docs/data/needs.json72
2 files changed, 98 insertions, 78 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 384f07e..6f3f0b8 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -472,13 +472,6 @@ Identity and Access Management Requirements
Authorization Server.
.. req::
- :id: R-48080
- :target: VNF
- :keyword: SHOULD
-
- The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol).
-
-.. req::
:id: R-75041
:target: VNF
:keyword: MUST
@@ -1016,14 +1009,6 @@ Data Protection Requirements
requiring encryption, the virtual memory should be encrypted.
.. req::
- :id: R-93860
- :target: VNF
- :keyword: MUST
-
- The VNF **MUST** provide the capability to integrate with an
- external encryption service.
-
-.. req::
:id: R-73067
:target: VNF
:keyword: MUST
@@ -1063,59 +1048,98 @@ Data Protection Requirements
versions of cryptographic algorithms and protocols with minimal impact.
.. req::
- :id: R-44723
+ :id: R-95864
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** use symmetric keys of at least 112 bits in length.
+ The VNF **MUST** support digital certificates that comply with X.509
+ standards.
.. req::
- :id: R-25401
+ :id: R-12110
+ :target: VNF
+ :keyword: MUST NOT
+
+ The VNF **MUST NOT** use keys generated or derived from
+ predictable functions or values, e.g., values considered predictable
+ include user identity information, time of day, stored/transmitted data.
+
+.. req::
+ :id: R-69610
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** use asymmetric keys of at least 2048 bits in length.
+ The VNF **MUST** provide the capability of using X.509 certificates
+ issued by an external Certificate Authority.
.. req::
- :id: R-95864
+ :id: R-47204
:target: VNF
:keyword: MUST
:updated: casablanca
- The VNF **MUST** support digital certificates that comply with X.509
- standards.
+ The VNF **MUST** be capable of protecting the confidentiality and integrity
+ of data at rest and in transit from unauthorized access and modification.
+
+
+VNF Cryptography Requirements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This section covers VNF cryptography requirements that are mostly
+applicable to encryption or protocol meethods.
.. req::
- :id: R-12110
+ :id: R-48080
:target: VNF
- :keyword: MUST NOT
+ :keyword: SHOULD
+ :updated: casablanca
- The VNF **MUST NOT** use keys generated or derived from
- predictable functions or values, e.g., values considered predictable
- include user identity information, time of day, stored/transmitted data.
+ The VNF **SHOULD** support an automated certificate management protocol
+ such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or
+ Automated Certificate Management Environment (ACME).
.. req::
- :id: R-52060
+ :id: R-93860
+ :target: VNF
+ :keyword: SHOULD
+ :updated: casablanca
+
+ The VNF **SHOULD** provide the capability to integrate with an
+ external encryption service.
+
+.. req::
+ :id: R-44723
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** provide the capability to configure encryption
- algorithms or devices so that they comply with the laws of the jurisdiction
- in which there are plans to use data encryption.
+ The VNF **MUST** use symmetric keys of at least 112 bits in length.
.. req::
- :id: R-69610
+ :id: R-25401
:target: VNF
:keyword: MUST
:updated: casablanca
- The VNF **MUST** provide the capability of using X.509 certificates
- issued by an external Certificate Authority.
+ The VNF **MUST** use asymmetric keys of at least 2048 bits in length.
+
+.. req::
+ :id: R-52060
+ :target: VNF
+ :keyword: MUST
+ :updated: casablanca
+
+ The VNF **MUST** provide the capability to configure encryption
+ algorithms or devices so that they comply with the laws of the jurisdiction
+ in which there are plans to use data encryption.
.. req::
:id: R-83500
:target: VNF
:keyword: MUST
+ :updated: casablanca
The VNF **MUST** provide the capability of allowing certificate
renewal and revocation.
@@ -1124,6 +1148,7 @@ Data Protection Requirements
:id: R-29977
:target: VNF
:keyword: MUST
+ :updated: casablanca
The VNF **MUST** provide the capability of testing the validity
of a digital certificate by validating the CA signature on the certificate.
@@ -1132,6 +1157,7 @@ Data Protection Requirements
:id: R-24359
:target: VNF
:keyword: MUST
+ :updated: casablanca
The VNF **MUST** provide the capability of testing the validity
of a digital certificate by validating the date the certificate is being
@@ -1141,6 +1167,7 @@ Data Protection Requirements
:id: R-39604
:target: VNF
:keyword: MUST
+ :updated: casablanca
The VNF **MUST** provide the capability of testing the
validity of a digital certificate by checking the Certificate Revocation
@@ -1151,16 +1178,9 @@ Data Protection Requirements
:id: R-75343
:target: VNF
:keyword: MUST
+ :updated: casablanca
The VNF **MUST** provide the capability of testing the
validity of a digital certificate by recognizing the identity represented
by the certificate - the "distinguished name".
-.. req::
- :id: R-47204
- :target: VNF
- :keyword: MUST
- :updated: casablanca
-
- The VNF **MUST** be capable of protecting the confidentiality and integrity
- of data at rest and in transit from unauthorized access and modification. \ No newline at end of file
diff --git a/docs/data/needs.json b/docs/data/needs.json
index 2d38372..439d6ae 100644
--- a/docs/data/needs.json
+++ b/docs/data/needs.json
@@ -1,5 +1,5 @@
{
- "created": "2018-09-07T19:37:09.602325",
+ "created": "2018-09-10T17:51:37.025716",
"current_version": "casablanca",
"project": "",
"versions": {
@@ -21858,7 +21858,7 @@
"needs_amount": 750
},
"casablanca": {
- "created": "2018-09-07T19:37:09.602183",
+ "created": "2018-09-10T17:51:37.025645",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.",
@@ -26853,9 +26853,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -26867,7 +26867,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -26996,9 +26996,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -27010,7 +27010,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -28057,9 +28057,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -28071,7 +28071,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -30042,9 +30042,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -30056,7 +30056,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -31385,9 +31385,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -31399,7 +31399,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -32084,7 +32084,7 @@
"validation_mode": ""
},
"R-48080": {
- "description": "The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol).",
+ "description": "The VNF **SHOULD** support an automated certificate management protocol\nsuch as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or\nAutomated Certificate Management Environment (ACME).",
"full_title": "",
"hide_links": "",
"id": "R-48080",
@@ -32093,9 +32093,9 @@
"keyword": "SHOULD",
"links": [],
"notes": "",
- "section_name": "VNF Identity and Access Management Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Identity and Access Management Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -32107,7 +32107,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -32841,9 +32841,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -32855,7 +32855,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -37213,9 +37213,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -37227,7 +37227,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -38609,9 +38609,9 @@
"keyword": "MUST",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -38623,7 +38623,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -41014,18 +41014,18 @@
"validation_mode": ""
},
"R-93860": {
- "description": "The VNF **MUST** provide the capability to integrate with an\nexternal encryption service.",
+ "description": "The VNF **SHOULD** provide the capability to integrate with an\nexternal encryption service.",
"full_title": "",
"hide_links": "",
"id": "R-93860",
"impacts": "",
"introduced": "",
- "keyword": "MUST",
+ "keyword": "SHOULD",
"links": [],
"notes": "",
- "section_name": "VNF Data Protection Requirements",
+ "section_name": "VNF Cryptography Requirements",
"sections": [
- "VNF Data Protection Requirements",
+ "VNF Cryptography Requirements",
"VNF Security"
],
"status": null,
@@ -41037,7 +41037,7 @@
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
@@ -41811,7 +41811,7 @@
"validation_mode": ""
},
"R-98391": {
- "description": "The VNF **MUST**, if not integrated with the Operator\u2019s Identity and\nAccess Management system, support Role-Based Access Control to enforce\nleast privilege.",
+ "description": "The VNF **MUST**, if not integrated with the Operator's Identity and\nAccess Management system, support Role-Based Access Control to enforce\nleast privilege.",
"full_title": "",
"hide_links": "",
"id": "R-98391",