From 1e870d8b227d8ff95d8e64cb65174f8ef86398f7 Mon Sep 17 00:00:00 2001 From: Hagop Bozawglanian Date: Tue, 17 Sep 2019 18:43:44 +0000 Subject: VNFRQTS - Security batch 2 Issue-ID: VNFRQTS-694 Signed-off-by: Hagop Bozawglanian Change-Id: I3711d6fb2aef514f99526282e36c6ebd4d890506 --- docs/Chapter4/Security.rst | 7 +++-- docs/Chapter7/Monitoring-And-Management.rst | 41 +++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index d36708d..68e7bd7 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -275,10 +275,13 @@ the product's lifecycle. .. req:: :id: R-258686 :target: VNF - :keyword: MUST NOT + :keyword: SHOULD NOT :introduced: casablanca + :updated: el alto - The VNF application processes **MUST NOT** run as root. + The VNF application processes **SHOULD NOT** run as root. If a VNF + application process must run as root, the technical reason must + be documented. .. req:: :id: R-118669 diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst index e6886aa..6dc8d4b 100755 --- a/docs/Chapter7/Monitoring-And-Management.rst +++ b/docs/Chapter7/Monitoring-And-Management.rst 
@@ -956,6 +956,47 @@ Security Note: In one-way TLS authentication, the client (VNF or PNF) must authentication the server (DCAE) certificate. +.. req:: + :id: R-55634 + :target: VNF or PNF + :keyword: MUST + :introduced: el alto + + If VNF or PNF is using Basic Authentication, then the VNF or PNF + **MUST** be in compliance with + `RFC7617 `_ for authenticating HTTPS + connections to the DCAE VES Event Listener. + +.. req:: + :id: R-43387 + :target: VNF or PNF + :keyword: MUST + :introduced: el alto + + If the VNF or PNF is using Certificate Authentication, the + VNF or PNF **MUST** support mutual TLS authentication and the Subject + Name in the end-entity certificate MUST be used according to + `RFC5280 `_. + + Note: In mutual TLS authentication, the client (VNF or PNF) must + authenticate the server (DCAE) certificate and must provide its own + X.509v3 end-entity certificate to the server for authentication. + +.. req:: + :id: R-33878 + :target: VNF or PNF + :keyword: MUST + :introduced: el alto + + The VNF or PNF **MUST** support one of the following authentication + methods for authenticating HTTPS connections to the DCAE VES Event + Listener: + + - The preferred method is Certificate Authentication + + - The non-preferred option is Basic Authentication. + + Bulk Performance Measurement ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit 1.2.3-korg
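Review bot: In the R-258686 change in docs/Chapter4/Security.rst, the added exception sentence ends with a plain lowercase "must" ("the technical reason must be documented"), so it is unclear whether documenting the reason is a normative requirement or only advice attached to the SHOULD NOT. If it is meant to be binding, mark it as **MUST** in the same way as the keyword in the preceding sentence, and state where the reason is to be recorded so that it can be verified. As written, relaxing MUST NOT to SHOULD NOT leaves running as root without any checkable condition. The first "must" in "If a VNF application process must run as root" would read better as "needs to", so that it is not mistaken for a requirement keyword.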
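Review bot: In R-43387 in docs/Chapter7/Monitoring-And-Management.rst, "the Subject Name in the end-entity certificate MUST be used according to RFC5280" does not say what the Subject Name is used for or what the server is expected to check in it, so the requirement cannot be tested as written. State the intended use, and bold this second MUST to match the **MUST** earlier in the same sentence. R-33878, which sets out the choice between Certificate Authentication and Basic Authentication, would read better ahead of R-55634 and R-43387, since both of those are conditional on that choice. Smaller points: R-55634 opens "If VNF or PNF" where R-43387 has "If the VNF or PNF", and the two bullets in R-33878 differ in wording ("preferred method" against "non-preferred option") and in the trailing period.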