From 29b40f43e5102f5289495a93044e5b71a3003ec3 Mon Sep 17 00:00:00 2001 From: "Bozawglanian, Hagop (hb755d)" Date: Mon, 10 Sep 2018 18:02:42 +0000 Subject: VNFRQS - Cryptography Reqs Batch 1 Including changes for VNFRQTS - 435, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434 Issue-ID: VNFRQTS-435 Change-Id: I5e4e32e7d56b601815b6b6d550d135dba3db3446 Signed-off-by: Bozawglanian, Hagop (hb755d) --- docs/Chapter4/Security.rst | 104 +++++++++++++++++++++++++++------------------ 1 file changed, 62 insertions(+), 42 deletions(-) (limited to 'docs/Chapter4') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 384f07e..6f3f0b8 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -471,13 +471,6 @@ Identity and Access Management Requirements The VNF **SHOULD** support OAuth 2.0 authorization using an external Authorization Server. -.. req:: - :id: R-48080 - :target: VNF - :keyword: SHOULD - - The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). - .. req:: :id: R-75041 :target: VNF @@ -1015,14 +1008,6 @@ Data Protection Requirements virtual memory. If not possible to disable the paging of the data requiring encryption, the virtual memory should be encrypted. -.. req:: - :id: R-93860 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide the capability to integrate with an - external encryption service. - .. req:: :id: R-73067 :target: VNF 
@@ -1063,59 +1048,98 @@ Data Protection Requirements versions of cryptographic algorithms and protocols with minimal impact. .. req:: - :id: R-44723 + :id: R-95864 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** use symmetric keys of at least 112 bits in length. + The VNF **MUST** support digital certificates that comply with X.509 + standards. .. req:: - :id: R-25401 + :id: R-12110 + :target: VNF + :keyword: MUST NOT + + The VNF **MUST NOT** use keys generated or derived from + predictable functions or values, e.g., values considered predictable + include user identity information, time of day, stored/transmitted data. + +.. req:: + :id: R-69610 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** use asymmetric keys of at least 2048 bits in length. + The VNF **MUST** provide the capability of using X.509 certificates + issued by an external Certificate Authority. .. req:: - :id: R-95864 + :id: R-47204 :target: VNF :keyword: MUST :updated: casablanca - The VNF **MUST** support digital certificates that comply with X.509 - standards. + The VNF **MUST** be capable of protecting the confidentiality and integrity + of data at rest and in transit from unauthorized access and modification. + + +VNF Cryptography Requirements +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This section covers VNF cryptography requirements that are mostly +applicable to encryption or protocol meethods. .. req:: - :id: R-12110 + :id: R-48080 :target: VNF - :keyword: MUST NOT + :keyword: SHOULD + :updated: casablanca - The VNF **MUST NOT** use keys generated or derived from - predictable functions or values, e.g., values considered predictable - include user identity information, time of day, stored/transmitted data. + The VNF **SHOULD** support an automated certificate management protocol + such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or + Automated Certificate Management Environment (ACME). .. 
req:: - :id: R-52060 + :id: R-93860 + :target: VNF + :keyword: SHOULD + :updated: casablanca + + The VNF **SHOULD** provide the capability to integrate with an + external encryption service. + +.. req:: + :id: R-44723 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** provide the capability to configure encryption - algorithms or devices so that they comply with the laws of the jurisdiction - in which there are plans to use data encryption. + The VNF **MUST** use symmetric keys of at least 112 bits in length. .. req:: - :id: R-69610 + :id: R-25401 :target: VNF :keyword: MUST :updated: casablanca - The VNF **MUST** provide the capability of using X.509 certificates - issued by an external Certificate Authority. + The VNF **MUST** use asymmetric keys of at least 2048 bits in length. + +.. req:: + :id: R-52060 + :target: VNF + :keyword: MUST + :updated: casablanca + + The VNF **MUST** provide the capability to configure encryption + algorithms or devices so that they comply with the laws of the jurisdiction + in which there are plans to use data encryption. .. req:: :id: R-83500 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of allowing certificate renewal and revocation. @@ -1124,6 +1148,7 @@ Data Protection Requirements :id: R-29977 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the CA signature on the certificate. @@ -1132,6 +1157,7 @@ Data Protection Requirements :id: R-24359 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the date the certificate is being 
@@ -1141,6 +1167,7 @@ Data Protection Requirements :id: R-39604 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by checking the Certificate Revocation @@ -1151,16 +1178,9 @@ Data Protection Requirements :id: R-75343 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** provide the capability of testing the validity of a digital certificate by recognizing the identity represented by the certificate - the "distinguished name". -.. req:: - :id: R-47204 - :target: VNF - :keyword: MUST - :updated: casablanca - - The VNF **MUST** be capable of protecting the confidentiality and integrity - of data at rest and in transit from unauthorized access and modification. \ No newline at end of file -- cgit 1.2.3-korg
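Review bot: R-48080, removed from Identity and Access Management in the @@ -471,13 +471,6 @@ hunk and re-added under the new section, now reads "such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or Automated Certificate Management Environment (ACME)", which leaves it unclear whether supporting any one of the three satisfies the requirement or whether the list is only illustrative. Suggest saying "at least one of" if that is the intent, and expanding CMPv2 the same way SCEP and ACME are expanded so the three entries read consistently.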
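Review bot: R-93860 is deleted as a MUST in the @@ -1015,14 +1008,6 @@ hunk and comes back in the new section with ":keyword: SHOULD" and "The VNF **SHOULD** provide the capability to integrate with an external encryption service", which weakens a normative requirement while the commit message only lists issue numbers and gives no reason. Suggest recording the rationale for the downgrade in the commit message or the linked issue, or keeping MUST if the relaxation was not intended.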
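Review bot: The intro sentence of the new "VNF Cryptography Requirements" section in the @@ -1063,59 +1048,98 @@ hunk has a typo: "protocol meethods" should read "protocol methods". In the same hunk R-44723 and R-25401 gain ":updated: casablanca" although their requirement text is unchanged, while R-12110 is re-added without the marker; the later hunks also add it to R-39604 and R-75343 with no text change. Suggest picking one rule for relocated but otherwise unchanged requirements and applying it to all of them, so the marker reliably tells a reader whether the wording changed in this release.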