From 1baff9156464bed7830483deb1f704993e620360 Mon Sep 17 00:00:00 2001 From: "Bozawglanian, Hagop (hb755d)" Date: Tue, 30 Oct 2018 17:08:00 +0000 Subject: VNFRQTS - New Security Req SECCOM 2 Contains commits for VNFRQTS-368, 370, 371, 372, 377, 403, 405, 406, 440, 448 Issue-ID: VNFRQTS-368 Change-Id: I46d581ebec85977ab5ab9680d673e1941585c5b0 Signed-off-by: Bozawglanian, Hagop (hb755d) --- docs/Chapter4/Security.rst | 95 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) (limited to 'docs/Chapter4/Security.rst') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 50eb650..0b69e8f 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -295,6 +295,16 @@ the product's lifecycle. attempts since then made with that user's ID. This requirement is only applicable when the user account is defined locally in the VNF. +.. req:: + :id: R-842258 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** include a configuration, e.g., a heat template or CSAR + package, that specifies the targetted parameters, e.g. a limited set of + ports, over which the VNF will communicate (including internal, external + and management communication). VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -483,6 +493,52 @@ Identity and Access Management Requirements approved identity lifecycle management tool using a standard protocol, e.g., NETCONF API. +.. req:: + :id: R-931076 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** support account names that contain at least A-Z, a-z, + 0-9 character sets and be at least 6 characters in length. + +.. req:: + :id: R-581188 + :target: VNF + :keyword: MUST NOT + :introduced: casablanca + + A failed authentication attempt **MUST NOT** identify the reason for the + failure to the user, only that the authentication failed. + +.. req:: + :id: R-479386 + :target: VNF + :keyword: MUST NOT + :introduced: casablanca + + The VNF **MUST NOT** display "Welcome" notices or messages that could + be misinterpreted as extending an invitation to unauthorized users. + +.. req:: + :id: R-231402 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** provide a means for the user to explicitly logout, thus + ending that session for that authenticated user. + +.. req:: + :id: R-45719 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST**, if not integrated with the Operator's Identity and Access + Management system, or enforce a configurable "terminate idle sessions" + policy by terminating the session after a configurable period of inactivity. + VNF API Security Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -919,6 +975,45 @@ Security Analytics Requirements attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools. +.. req:: + :id: R-629534 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** be capable of automatically synchronizing the system clock + daily with the Operator's trusted time source, to assure accurate time + reporting in log files. It is recommended that Coordinated Universal Time + (UTC) be used where possible, so as to eliminate ambiguity owing to daylight + savings time. + +.. req:: + :id: R-303569 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** log the Source IP address in the security audit logs. + +.. req:: + :id: R-703767 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** have the capability to securely transmit the security logs + and security events to a remote system before they are purged from the + system. + +.. req:: + :id: R-465236 + :target: VNF + :keyword: SHOULD + :introduced: casablanca + + The VNF **SHOULD** provide the capability of maintaining the integrity of + its static files using a cryptographic method. + VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- cgit 1.2.3-korg
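Review bot: In the first hunk (R-842258), "targetted" is misspelled and "the targetted parameters" does not say what the configuration has to specify; the only concrete item given is "a limited set of ports". Suggest "targeted" and naming the parameters that must be declared (for example ports and protocols) for each of the internal, external and management interfaces, so the requirement can be checked against a heat template or CSAR package. The abbreviation is also punctuated two ways in the same sentence ("e.g.," and "e.g.").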
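Review bot: In the second hunk, R-45719 is not a complete sentence: "if not integrated with the Operator's Identity and Access Management system, or enforce a configurable" leaves a dangling "or", so a reader cannot tell whether a first alternative was dropped or the "or" is stray. Suggest removing the "or" or restoring the missing alternative. In the same hunk, R-931076 can be read either as a minimum length imposed on account names or as a length the VNF must be able to accept, and R-581188 is targeted at the VNF but takes "A failed authentication attempt" as its subject, unlike the neighbouring requirements that begin "The VNF".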
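Review bot: In the third hunk, R-629534 carries the keyword MUST but its second sentence is a recommendation ("It is recommended that Coordinated Universal Time (UTC) be used where possible"), which puts two obligation levels under one id. Suggest moving the UTC text into its own SHOULD requirement or marking it as a note. In the same hunk, "securely transmit" in R-703767 and "a cryptographic method" in R-465236 name no property that can be verified; stating what is expected (for example confidentiality and integrity in transit, and a hash or signature over the static files) would make both testable.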