From 116d208c43795f3737e356bf305f881344835fe2 Mon Sep 17 00:00:00 2001 From: "Bozawglanian, Hagop (hb755d)" Date: Mon, 10 Sep 2018 21:43:04 +0000 Subject: VNFRQTS - Rewording Security Req Batch 5 Including changes for: VNFRQTS - 354, 398, 400, 413, 414 Issue-ID: VNFRQTS-398 Change-Id: Ia0260ccad6fe19c32636a8581d555784787baa9e Signed-off-by: Bozawglanian, Hagop (hb755d) --- docs/Chapter4/Security.rst | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'docs/Chapter4') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 6f3f0b8..aafc1da 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -404,13 +404,10 @@ Identity and Access Management Requirements :id: R-59391 :target: VNF :keyword: MUST + :updated: casablanca - The VNF provider **MUST**, where a VNF provider requires - the assumption of permissions, such as root or administrator, first - log in under their individual user login ID then switch to the other - higher level account; or where the individual user login is infeasible, - must login with an account with admin privileges in a way that - uniquely identifies the individual performing the function. + The VNF MUST NOT not allow the assumption of the permissions of + another account to mask individual accountability. .. req:: :id: R-64503 @@ -548,21 +545,23 @@ API Requirements :id: R-54930 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** implement the following input validation - control: Do not permit input that contains content or characters - inappropriate to the input expected by the design. Inappropriate input, - such as SQL insertions, may cause the system to execute undesirable - and unauthorized transactions against the database or allow other - inappropriate access to the internal network. + The VNF **MUST** implement the following input validation controls: + Do not permit input that contains content or characters inappropriate + to the input expected by the design. Inappropriate input, such as + SQL expressions, may cause the system to execute undesirable and + unauthorized transactions against the database or allow other + inappropriate access to the internal network (injection attacks). .. req:: :id: R-21210 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** implement the following input validation - control: Validate that any input file has a correct and valid + The VNF **MUST** implement the following input validation control + on APIs: Validate that any input file has a correct and valid Multipurpose Internet Mail Extensions (MIME) type. Input files should be tested for spoofed MIME types. @@ -912,18 +911,19 @@ Security Analytics Requirements :id: R-04492 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** generate security audit logs that must be sent + The VNF **MUST** generate security audit logs that can be sent to Security Analytics Tools for analysis. .. req:: :id: R-30932 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** provide security audit logs including records - of successful and rejected system access data and other resource access - attempts. + The VNF **MUST** log successful and unsuccessful access to VNF + resources, including data. .. req:: :id: R-54816 -- cgit 1.2.3-korg