From cb971745cdc0a5082ea16bb7ea21756721c95c96 Mon Sep 17 00:00:00 2001 From: "Lovett, Trevor" Date: Wed, 7 Nov 2018 08:17:51 -0600 Subject: VNFRQTS Updating security requirements Change-Id: I71ae46277e1a832b462f37ccdb83159ac5e28033 Issue-ID: VNFRQTS-404 Issue-ID: VNFRQTS-369 Issue-ID: VNFRQTS-323 Issue-ID: VNFRQTS-357 Issue-ID: VNFRQTS-442 Issue-ID: VNFRQTS-485 Signed-off-by: Lovett, Trevor --- docs/Chapter4/Security.rst | 41 ++++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) (limited to 'docs/Chapter4') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 0b69e8f..25b767e 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -184,12 +184,17 @@ the product's lifecycle. SSH, SFTP. .. req:: - :id: R-35144 - :target: VNF - :keyword: MUST + :id: R-872986 + :target: VNF + :keyword: MUST + :introduced: casablanca - The VNF **MUST**, if not using the NCSP's IDAM API, comply - with the NCSP's credential management policy. + The VNF **MUST** store Authentication Credentials used to authenticate to + other systems encrypted except where there is a technical need to store + the password unencrypted in which case it must be protected using other + security techniques that include the use of file and directory permissions. + Ideally, credentials SHOULD rely on a HW Root of Trust, such as a + TPM or HSM. .. req:: :id: R-80335 @@ -356,14 +361,6 @@ Identity and Access Management Requirements account to mask individual accountability. For example, use SUDO when a user requires elevated permissions such as root or admin. -.. req:: - :id: R-64503 - :target: VNF - :keyword: MUST - - The VNF **MUST** provide minimum privileges for initial - and default settings for new user accounts. - .. req:: :id: R-86835 :target: VNF 
@@ -451,6 +448,15 @@ Identity and Access Management Requirements not contain sequences of three or more characters from the previous password. +.. req:: + :id: R-844011 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF MUST not store authentication credentials to itself in clear + text or any reversible form and must use salting. + .. req:: :id: R-79107 :target: VNF @@ -1014,6 +1020,15 @@ Security Analytics Requirements The VNF **SHOULD** provide the capability of maintaining the integrity of its static files using a cryptographic method. +.. req:: + :id: R-859208 + :target: VNF + :keyword: MUST + :introduced: casablanca + + The VNF **MUST** log automated remote activities performed with + elevated privileges. + VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- cgit 1.2.3-korg
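Review bot: In the first hunk, R-872986 mixes normative levels and leaves its exception untestable. The body uses a lowercase "must" for the fallback protection and an unbolded "SHOULD" for the HW Root of Trust sentence inside a requirement whose keyword is MUST. "a technical need to store the password unencrypted" is not defined, so a VNF vendor can claim the exception without any check. Suggest bolding the keywords consistently, moving the TPM/HSM sentence into its own SHOULD requirement, and stating what qualifies as a technical need. The removed R-35144 tied credential handling to the NCSP's credential management policy, and the new text no longer mentions it; if that is intentional, say so in the commit message.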
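Review bot: In the second hunk, R-64503 (minimum privileges for initial and default settings for new user accounts) is deleted with no replacement visible in this patch, and the commit message only says "Updating security requirements". Please note which requirement now covers least-privilege defaults for new accounts, or why the requirement is being dropped, so that readers tracing R-64503 can find where it went.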
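Review bot: In the third hunk, R-844011 writes the keyword as "MUST not" without bold, while the other requirements in this file use bolded keywords such as **MUST**; it should read **MUST NOT**, and the trailing "must use salting" should carry a bolded keyword as well. The wording "clear text or any reversible form and must use salting" implies a salted one-way hash but never says so. Suggest stating it directly, for example that credentials used to authenticate to the VNF are stored only as a salted one-way hash, and rephrasing "authentication credentials to itself" so it clearly contrasts with the credentials "to other systems" covered by R-872986.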
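Review bot: In the fourth hunk, R-859208 requires logging of "automated remote activities performed with elevated privileges" but does not define what counts as an automated remote activity or what the log record has to contain. As written, a single undifferentiated log line would satisfy it. Suggest either referencing the existing logging requirements in this section for the required fields or listing the minimum here, such as the initiating account or system, the action, and the time.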