From 454be43060ce9e5d00ec60f990887a76df067297 Mon Sep 17 00:00:00 2001 From: "Bozawglanian, Hagop (hb755d)" Date: Mon, 29 Oct 2018 17:36:26 +0000 Subject: VNFRQTS - Reword Security Req SECCOM 1 Contains changes for VNFRQTS-304, 312, 339, 341, 354 Issue-ID: VNFRQTS-304 Change-Id: I88be8ebb4a9ea6538baa6f384c3eb29fc52cfc0e Signed-off-by: Bozawglanian, Hagop (hb755d) --- docs/Chapter4/Security.rst | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'docs/Chapter4/Security.rst') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 1757be6..114772b 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -101,8 +101,9 @@ the product’s lifecycle. :keyword: SHOULD :updated: casablanca - The VNF **SHOULD** provide a mechanism for performing automated - system configuration auditing at configurable time intervals. + The VNF **SHOULD** provide a mechanism that enables the operators to + perform automated system configuration auditing at configurable time + intervals. .. req:: :id: R-23882 @@ -140,8 +141,9 @@ the product’s lifecycle. :keyword: SHOULD :updated: casablanca - The VNF **SHOULD** support Layer 3 VPNs that enable segregation of - traffic by application (i.e., AVPN, IPSec VPN for Internet routes). + The VNF **SHOULD** support network segregation, i.e., separation of OA&M + traffic from signaling and payload traffic, using technologies such as + VPN and VLAN. .. req:: :id: R-40813 @@ -253,7 +255,8 @@ Identity and Access Management Requirements :keyword: MUST :updated: casablanca - The VNF **MUST** allow the creation of multiple IDs so that + The VNF **MUST**, if not integrated with the Operator's Identity and + Access Management system, support the creation of multiple IDs so that individual accountability can be supported. .. req:: 
@@ -273,9 +276,9 @@ Identity and Access Management Requirements :keyword: MUST :updated: casablanca - Each layer of the VNF **MUST** support access restriction - independently of all other layers so that Segregation of Duties - can be implemented. + Each architectural layer of the VNF (eg. operating system, network, + application) **MUST** support access restriction independently of all + other layers so that Segregation of Duties can be implemented. .. req:: :id: R-59391 @@ -283,8 +286,9 @@ Identity and Access Management Requirements :keyword: MUST NOT :updated: casablanca - The VNF **MUST NOT** not allow the assumption of the permissions of - another account to mask individual accountability. + The VNF **MUST NOT** allow the assumption of the permissions of another + account to mask individual accountability. For example, use SUDO when a + user requires elevated permissions such as root or admin. .. req:: :id: R-64503 -- cgit 1.2.3-korg
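Review bot: In the hunk at -140,8 +141,9, the added lines change what the requirement asks for rather than rewording it. The removed text required Layer 3 VPNs that segregate traffic by application, while the new text requires separation of OA&M traffic from signaling and payload traffic and accepts VLAN, a Layer 2 mechanism, as sufficient. The commit subject says "Reword", so the scope change should be stated in the commit message. Also check whether "i.e." is intended: it limits "network segregation" to exactly this one separation, whereas "e.g." would leave room for other segregation schemes.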
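Review bot: In the hunk at -253,7 +255,8, the new condition "if not integrated with the Operator's Identity and Access Management system" leaves the integrated case with no stated obligation in this requirement, so the MUST on individual accountability applies only to VNFs that manage their own IDs. Suggest wording that covers both cases, for example that individual accountability must be supported through the Operator's IAM system when the VNF is integrated with it, and through multiple locally created IDs otherwise.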
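Review bot: In the hunk at -273,9 +276,9, the abbreviation in "(eg. operating system, network, application)" should be written "e.g.," to match the "i.e.," form used in the -140,8 hunk of the same file. It would also help to say whether the three listed layers are the complete set the requirement applies to or only examples, since testing "each architectural layer" depends on knowing which layers count.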
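Review bot: In the hunk at -283,8 +286,9, the added sentence "For example, use SUDO when a user requires elevated permissions such as root or admin" is ambiguous directly after a MUST NOT: it can be read as an example of the prohibited behaviour, and sudo does let a user run with another account's permissions. The point that makes it acceptable, that the invoking user stays identifiable in the audit trail, is not stated. Suggest spelling that out, for example that elevated permissions are to be obtained through a mechanism that records the invoking user, such as sudo, rather than by logging in directly to a shared root or admin account, and writing the command name in lower case.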