From 3be95938727c72a4a36c66ff756c759c79439671 Mon Sep 17 00:00:00 2001 From: "Lovett, Trevor (tl2972)" Date: Fri, 21 Sep 2018 09:37:21 -0500 Subject: VNFRQTS - Security logging requirements Change-Id: I68dd17f5930c65961f25fd49e790a44f095dfd2d Issue-ID: VNFRQTS-443 Signed-off-by: Lovett, Trevor (tl2972) --- docs/Chapter4/Security.rst | 15 ++++++- docs/Chapter7/Monitoring-And-Management.rst | 10 +++++ docs/data/needs.json | 67 ++++++++++++++++++++++++++--- 3 files changed, 85 insertions(+), 7 deletions(-) (limited to 'docs') diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 940f1d7..9b4f5f7 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -246,6 +246,17 @@ the product’s lifecycle. The VNF **MUST NOT** allow vendor access to VNFs remotely. +.. req:: + :id: R-638682 + :target: VNF + :keyword: MUST + :introduced: casablanca + :validation_mode: in_service + + The VNF **MUST** log any security event required by the VNF Requirements to + Syslog using LOG_AUTHPRIV for any event that would contain sensitive + information and LOG_AUTH for all other relevant events. + VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -288,10 +299,10 @@ Identity and Access Management Requirements .. req:: :id: R-59391 :target: VNF - :keyword: MUST + :keyword: MUST NOT :updated: casablanca - The VNF MUST NOT not allow the assumption of the permissions of + The VNF **MUST NOT** not allow the assumption of the permissions of another account to mask individual accountability. .. req:: diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst index f3043a7..d622b5a 100755 --- a/docs/Chapter7/Monitoring-And-Management.rst +++ b/docs/Chapter7/Monitoring-And-Management.rst 
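Review bot: R-638682 in the `@@ -246` hunk picks the syslog facility by whether an event "would contain sensitive information", but nothing in the hunk says what counts as sensitive, so two implementers can classify the same event differently. The facility is also only a routing label: LOG_AUTHPRIV keeps content private only when the receiving syslog configuration writes that facility to a destination with restricted access, which the requirement does not state. Consider adding a sentence such as `Messages logged with LOG_AUTHPRIV MUST be readable only by authorized accounts.`, or a cross-reference to a definition of sensitive data if one exists elsewhere in the document.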
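Review bot: The rewritten R-59391 sentence in the `@@ -288` hunk still reads `The VNF **MUST NOT** not allow the assumption of the permissions of`, and the leftover `not` inverts the prohibition: read literally, it forbids the VNF from blocking the assumption of another account's permissions. The hunk already touches this line and sets `:keyword:` to `MUST NOT`, so the stray word should be dropped: `The VNF **MUST NOT** allow the assumption of the permissions of`. The same double negative is carried into the `R-59391` description in the `docs/data/needs.json` hunk at `@@ -34178`, which presumably needs regenerating after the fix.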
@@ -799,6 +799,16 @@ Asynchronous and Synchronous Data Delivery xNF scaling fields, and syslog fields. Other record types will be added in the future as they become standardized and are made available.) +.. req:: + :id: R-332680 + :target: XNF + :keyword: SHOULD + :impacts: dcae + :validation_mode: in_service + + The xNF **SHOULD** deliver all syslog messages to the VES Collector per the + specifications in Monitoring and Management chapter. + .. req:: :id: R-46290 :target: XNF diff --git a/docs/data/needs.json b/docs/data/needs.json index fdef144..8d6aabc 100644 --- a/docs/data/needs.json +++ b/docs/data/needs.json @@ -1,5 +1,5 @@ { - "created": "2018-09-21T09:04:14.699000", + "created": "2018-09-21T09:36:46.582000", "current_version": "casablanca", "project": "", "versions": { @@ -21858,7 +21858,7 @@ "needs_amount": 750 }, "casablanca": { - "created": "2018-09-21T09:04:14.699000", + "created": "2018-09-21T09:36:46.582000", "needs": { "R-00011": { "description": "A VNF's Heat Orchestration Template's parameter defined\nin a nested YAML file\n**MUST NOT** have a parameter constraint defined.", 
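Review bot: R-332680 asks for "all syslog messages" to be delivered to the VES Collector, which as written includes the LOG_AUTHPRIV messages that R-638682 (added in the same commit) reserves for events containing sensitive information. The text does not say whether those messages are in scope or what protection the delivery path needs; if transport security is specified elsewhere in the chapter, a cross-reference here would close the gap. The directive also lacks `:introduced: casablanca`, which the other new requirement in this commit carries, and the generated `needs.json` entry shows `"introduced": ""` as a result.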
@@ -28740,6 +28740,35 @@ "validated_by": "", "validation_mode": "" }, + "R-332680": { + "description": "The xNF **SHOULD** deliver all syslog messages to the VES Collector per the\nspecifications in Monitoring and Management chapter.", + "full_title": "", + "hide_links": "", + "id": "R-332680", + "impacts": "dcae", + "introduced": "", + "keyword": "SHOULD", + "links": [], + "notes": "", + "section_name": "Asynchronous and Synchronous Data Delivery", + "sections": [ + "Asynchronous and Synchronous Data Delivery", + "Monitoring & Management Requirements", + "Monitoring & Management" + ], + "status": null, + "tags": [], + "target": "XNF", + "test": "", + "test_case": "", + "test_file": "", + "title": "", + "title_from_content": "", + "type_name": "Requirement", + "updated": "", + "validated_by": "", + "validation_mode": "in_service" + }, "R-33280": { "description": "The xNF **MUST NOT** use any instance specific parameters\nin a playbook.", "full_title": "", @@ -34178,13 +34207,13 @@ "validation_mode": "" }, "R-59391": { - "description": "The VNF MUST NOT not allow the assumption of the permissions of\nanother account to mask individual accountability.", + "description": "The VNF **MUST NOT** not allow the assumption of the permissions of\nanother account to mask individual accountability.", "full_title": "", "hide_links": "", "id": "R-59391", "impacts": "", "introduced": "", - "keyword": "MUST", + "keyword": "MUST NOT", "links": [], "notes": "", "section_name": "VNF Identity and Access Management Requirements", 
@@ -34920,6 +34949,34 @@ "validated_by": "", "validation_mode": "" }, + "R-638682": { + "description": "The VNF **MUST** log any security event required by the VNF Requirements to\nSyslog using LOG_AUTHPRIV for any event that would contain sensitive\ninformation and LOG_AUTH for all other relevant events.", + "full_title": "", + "hide_links": "", + "id": "R-638682", + "impacts": "", + "introduced": "casablanca", + "keyword": "MUST", + "links": [], + "notes": "", + "section_name": "VNF General Security Requirements", + "sections": [ + "VNF General Security Requirements", + "VNF Security" + ], + "status": null, + "tags": [], + "target": "VNF", + "test": "", + "test_case": "", + "test_file": "", + "title": "", + "title_from_content": "", + "type_name": "Requirement", + "updated": "", + "validated_by": "", + "validation_mode": "in_service" + }, "R-63935": { "description": "The xNF **MUST** release locks to prevent permanent lock-outs\nwhen a user configured timer has expired forcing the NETCONF SSH Session\ntermination (i.e., product must expose a configuration knob for a user\nsetting of a lock expiration timer).", "full_title": "", @@ -42452,7 +42509,7 @@ "validation_mode": "static" } }, - "needs_amount": 723 + "needs_amount": 725 } } } \ No newline at end of file -- cgit 1.2.3-korg