+R-32695 The VNF **MUST** provide the ability to modify the number of
+retries, the time between retries and the behavior/action taken after
+the retries have been exhausted for exception handling to allow the
+NCSP to control that behavior, where the interface and/or functional
+specification allows for altering behaviour.
+
+R-48356 The VNF **MUST** fully exploit exception handling to the extent
+that resources (e.g., threads and memory) are released when no longer
+needed regardless of programming language.
+
+R-67918 The VNF **MUST** handle replication race conditions both locally
+and geo-located in the event of a data base instance failure to maintain
+service continuity.
+
+R-36792 The VNF **MUST** automatically retry/resubmit failed requests
+made by the software to its downstream system to increase the success rate.
+
+R-70013 The VNF **MUST NOT** require any manual steps to get it ready for
+service after a container rebuild.
+
+R-65515 The VNF **MUST** provide a mechanism and tool to start VNF
+containers (VMs) without impacting service or service quality assuming
+another VNF in same or other geographical location is processing service
+requests.
+
+R-94978 The VNF **MUST** provide a mechanism and tool to perform a graceful
+shutdown of all the containers (VMs) in the VNF without impacting service
+or service quality assuming another VNF in same or other geographical
+location can take over traffic and process service requests.
+
+R-22059 The VNF **MUST NOT** execute long running tasks (e.g., IO,
+database, network operations, service calls) in a critical section
+of code, so as to minimize blocking of other operations and increase
+concurrent throughput.
+
+R-63473 The VNF **MUST** automatically advertise newly scaled
+components so there is no manual intervention required.
+
+R-74712 The VNF **MUST** utilize FQDNs (and not IP address) for
+both Service Chaining and scaling.
+
+R-41159 The VNF **MUST** deliver any and all functionality from any
+VNFC in the pool (where pooling is the most suitable solution). The
+VNFC pool member should be transparent to the client. Upstream and
+downstream clients should only recognize the function being performed,
+not the member performing it.
+
+R-85959 The VNF **SHOULD** automatically enable/disable added/removed
+sub-components or component so there is no manual intervention required.
+
+R-06885 The VNF **SHOULD** support the ability to scale down a VNFC pool
+without jeopardizing active sessions. Ideally, an active session should
+not be tied to any particular VNFC instance.
+
+R-12538 The VNF **SHOULD** support load balancing and discovery
+mechanisms in resource pools containing VNFC instances.
+
+R-98989 The VNF **SHOULD** utilize resource pooling (threads,
+connections, etc.) within the VNF application so that resources
+are not being created and destroyed resulting in resource management
+overhead.
+
+R-55345 The VNF **SHOULD** use techniques such as “lazy loading” when
+initialization includes loading catalogues and/or lists which can grow
+over time, so that the VNF startup time does not grow at a rate
+proportional to that of the list.
+
+R-35532 The VNF **SHOULD** release and clear all shared assets (memory,
+database operations, connections, locks, etc.) as soon as possible,
+especially before long running sync and asynchronous operations, so as
+to not prevent use of these assets by other entities.
+
+R-77334 The VNF **MUST** allow configurations and configuration parameters
+to be managed under version control to ensure consistent configuration
+deployment, traceability and rollback.
+
+R-99766 The VNF **MUST** allow configurations and configuration parameters
+to be managed under version control to ensure the ability to rollback to
+a known valid configuration.
+
+R-73583 The VNF **MUST** allow changes of configuration parameters
+to be consumed by the VNF without requiring the VNF or its sub-components
+to be bounced so that the VNF availability is not effected.
+
+R-21558 The VNF **SHOULD** use intelligent routing by having knowledge
+of multiple downstream/upstream endpoints that are exposed to it, to
+ensure there is no dependency on external services (such as load balancers)
+to switch to alternate endpoints.
+
+R-08315 The VNF **SHOULD** use redundant connection pooling to connect
+to any backend data source that can be switched between pools in an
+automated/scripted fashion to ensure high availability of the connection
+to the data source.
+
+R-27995 The VNF **SHOULD** include control loop mechanisms to notify
+the consumer of the VNF of their exceeding SLA thresholds so the consumer
+is able to control its load against the VNF.
+
+R-73364 The VNF **MUST** support at least two major versions of the
+VNF software and/or sub-components to co-exist within production
+environments at any time so that upgrades can be applied across
+multiple systems in a staggered manner.
+
+R-02454 The VNF **MUST** support the existence of multiple major/minor
+versions of the VNF software and/or sub-components and interfaces that
+support both forward and backward compatibility to be transparent to
+the Service Provider usage.
+
+R-57855 The VNF **MUST** support hitless staggered/rolling deployments
+between its redundant instances to allow "soak-time/burn in/slow roll"
+which can enable the support of low traffic loads to validate the
+deployment prior to supporting full traffic loads.
+
+R-64445 The VNF **MUST** support the ability of a requestor of the
+service to determine the version (and therefore capabilities) of the
+service so that Network Cloud Service Provider can understand the
+capabilities of the service.
+
+R-56793 The VNF **MUST** test for adherence to the defined performance
+budgets at each layer, during each delivery cycle with delivered
+results, so that the performance budget is measured and the code
+is adjusted to meet performance budget.
+
+R-77667 The VNF **MUST** test for adherence to the defined performance
+budget at each layer, during each delivery cycle so that the performance
+budget is measured and feedback is provided where the performance budget
+is not met.
+
+R-49308 The VNF **SHOULD** test for adherence to the defined resiliency
+rating recommendation at each layer, during each delivery cycle with
+delivered results, so that the resiliency rating is measured and the
+code is adjusted to meet software resiliency requirements.
+
+R-16039 The VNF **SHOULD** test for adherence to the defined
+resiliency rating recommendation at each layer, during each
+delivery cycle so that the resiliency rating is measured and
+feedback is provided where software resiliency requirements are
+not met.
+
+R-34957 The VNF **MUST** provide a method of metrics gathering for each
+layer's performance to identify/document variances in the allocations so
+they can be addressed.
+
+R-49224 The VNF **MUST** provide unique traceability of a transaction
+through its life cycle to ensure quick and efficient troubleshooting.
+
+R-52870 The VNF **MUST** provide a method of metrics gathering
+and analysis to evaluate the resiliency of the software from both
+a granular as well as a holistic standpoint. This includes, but is
+not limited to thread utilization, errors, timeouts, and retries.
+
+R-92571 The VNF **MUST** provide operational instrumentation such as
+logging, so as to facilitate quick resolution of issues with the VNF to
+provide service continuity.
+
+R-48917 The VNF **MUST** monitor for and alert on (both sender and
+receiver) errant, running longer than expected and missing file transfers,
+so as to minimize the impact due to file transfer errors.
+
+R-28168 The VNF **SHOULD** use an appropriately configured logging
+level that can be changed dynamically, so as to not cause performance
+degradation of the VNF due to excessive logging.
+
+R-87352 The VNF **SHOULD** utilize Cloud health checks, when available
+from the Network Cloud, from inside the application through APIs to check
+the network connectivity, dropped packets rate, injection, and auto failover
+to alternate sites if needed.
+
+R-16560 The VNF **SHOULD** conduct a resiliency impact assessment for all
+inter/intra-connectivity points in the VNF to provide an overall resiliency
+rating for the VNF to be incorporated into the software design and
+development of the VNF.
+
+VNF Security
+~~~~~~~~~~~~~~
+
+R-23740 The VNF **MUST** accommodate the security principle of
+“least privilege” during development, implementation and operation.
+The importance of “least privilege” cannot be overstated and must be
+observed in all aspects of VNF development and not limited to security.
+This is applicable to all sections of this document.
+
+R-61354 The VNF **MUST** implement access control list for OA&M
+services (e.g., restricting access to certain ports or applications).
+
+R-85633 The VNF **MUST** implement Data Storage Encryption
+(database/disk encryption) for Sensitive Personal Information (SPI)
+and other subscriber identifiable data. Note: subscriber’s SPI/data
+must be encrypted at rest, and other subscriber identifiable data
+should be encrypted at rest. Other data protection requirements exist
+and should be well understood by the developer.
+
+R-92207 The VNF **SHOULD** implement a mechanism for automated and
+frequent "system configuration (automated provisioning / closed loop)"
+auditing.
+
+R-23882 The VNF **SHOULD** be scanned using both network scanning
+and application scanning security tools on all code, including underlying
+OS and related configuration. Scan reports shall be provided. Remediation
+roadmaps shall be made available for any findings.
+
+R-46986 The VNF **SHOULD** have source code scanned using scanning
+tools (e.g., Fortify) and provide reports.
+
+R-55830 The VNF **MUST** distribute all production code from NCSP
+internal sources only. No production code, libraries, OS images, etc.
+shall be distributed from publically accessible depots.
+
+R-99771 The VNF **MUST** provide all code/configuration files in a
+"Locked down" or hardened state or with documented recommendations for
+such hardening. All unnecessary services will be disabled. VNF provider
+default credentials, community strings and other such artifacts will be
+removed or disclosed so that they can be modified or removed during
+provisioning.
+
+R-19768 The VNF **SHOULD** support L3 VPNs that enable segregation of
+traffic by application (dropping packets not belonging to the VPN) (i.e.,
+AVPN, IPSec VPN for Internet routes).
+
+R-33981 The VNF **SHOULD** interoperate with various access control
+mechanisms for the Network Cloud execution environment (e.g.,
+Hypervisors, containers).
+
+R-40813 The VNF **SHOULD** support the use of virtual trusted platform
+module, hypervisor security testing and standards scanning tools.
+
+R-56904 The VNF **MUST** interoperate with the ONAP (SDN) Controller so that
+it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual
+routing and forwarding rules.
+
+R-26586 The VNF **SHOULD** support the ability to work with aliases
+(e.g., gateways, proxies) to protect and encapsulate resources.
+
+R-49956 The VNF **MUST** pass all access to applications (Bearer,
+signaling and OA&M) through various security tools and platforms from
+ACLs, stateful firewalls and application layer gateways depending on
+manner of deployment. The application is expected to function (and in
+some cases, interwork) with these security tools.
+
+R-69649 The VNF **MUST** have all vulnerabilities patched as soon
+as possible. Patching shall be controlled via change control process
+with vulnerabilities disclosed along with mitigation recommendations.
+
+R-78010 The VNF **MUST** use the NCSP’s IDAM API for Identification,
+authentication and access control of customer or VNF application users.
+
+R-42681 The VNF **MUST** use the NCSP’s IDAM API or comply with
+the requirements if not using the NCSP’s IDAM API, for identification,
+authentication and access control of OA&M and other system level
+functions.
+
+R-68589 The VNF **MUST**, if not using the NCSP’s IDAM API, support
+User-IDs and passwords to uniquely identify the user/application. VNF
+needs to have appropriate connectors to the Identity, Authentication
+and Authorization systems that enables access at OS, Database and
+Application levels as appropriate.
+
+R-52085 The VNF **MUST**, if not using the NCSP’s IDAM API, provide
+the ability to support Multi-Factor Authentication (e.g., 1st factor =
+Software token on device (RSA SecureID); 2nd factor = User Name+Password,
+etc.) for the users.
+
+R-98391 The VNF **MUST**, if not using the NCSP’s IDAM API, support
+Role-Based Access Control to permit/limit the user/application to
+performing specific activities.
+
+R-63217 The VNF **MUST**, if not using the NCSP’s IDAM API, support
+logging via ONAP for a historical view of “who did what and when”.
+
+R-62498 The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt
+OA&M access (e.g., SSH, SFTP).
+
+R-79107 The VNF **MUST**, if not using the NCSP’s IDAM API, enforce
+a configurable maximum number of Login attempts policy for the users.
+VNF provider must comply with "terminate idle sessions" policy.
+Interactive sessions must be terminated, or a secure, locking screensaver
+must be activated requiring authentication, after a configurable period
+of inactivity. The system-based inactivity timeout for the enterprise
+identity and access management system must also be configurable.
+
+R-35144 The VNF **MUST**, if not using the NCSP’s IDAM API, comply
+with the NCSP’s credential management policy.
+
+R-75041 The VNF **MUST**, if not using the NCSP’s IDAM API, expire
+passwords at regular configurable intervals.
+
+R-46908 The VNF **MUST**, if not using the NCSP’s IDAM API, comply
+with "password complexity" policy. When passwords are used, they shall
+be complex and shall at least meet the following password construction
+requirements: (1) be a minimum configurable number of characters in
+length, (2) include 3 of the 4 following types of characters:
+upper-case alphabetic, lower-case alphabetic, numeric, and special,
+(3) not be the same as the UserID with which they are associated or
+other common strings as specified by the environment, (4) not contain
+repeating or sequential characters or numbers, (5) not to use special
+characters that may have command functions, and (6) new passwords must
+not contain sequences of three or more characters from the previous
+password.
+
+R-39342 The VNF **MUST**, if not using the NCSP’s IDAM API, comply
+with "password changes (includes default passwords)" policy. Products
+will support password aging, syntax and other credential management
+practices on a configurable basis.
+
+R-40521 The VNF **MUST**, if not using the NCSP’s IDAM API, support
+use of common third party authentication and authorization tools such
+as TACACS+, RADIUS.
+
+R-41994 The VNF **MUST**, if not using the NCSP’s IDAM API, comply
+with "No Self-Signed Certificates" policy. Self-signed certificates
+must be used for encryption only, using specified and approved
+encryption protocols such as TLS 1.2 or higher or equivalent security
+protocols such as IPSec, AES.
+
+R-23135 The VNF **MUST**, if not using the NCSP’s IDAM API,
+authenticate system to system communications where one system
+accesses the resources of another system, and must never conceal
+individual accountability.
+
+R-95105 The VNF **MUST** host connectors for access to the application
+layer.
+
+R-45496 The VNF **MUST** host connectors for access to the OS
+(Operating System) layer.
+
+R-05470 The VNF **MUST** host connectors for access to the database layer.
+
+R-99174 The VNF **MUST** comply with Individual Accountability
+(each person must be assigned a unique ID) when persons or non-person
+entities access VNFs.
+
+R-42874 The VNF **MUST** comply with Least Privilege (no more
+privilege than required to perform job functions) when persons
+or non-person entities access VNFs.
+
+R-71787 The VNF **MUST** comply with Segregation of Duties (access to a
+single layer and no developer may access production without special
+oversight) when persons or non-person entities access VNFs.
+
+R-86261 The VNF **MUST NOT** allow VNF provider access to VNFs remotely.
+
+R-49945 The VNF **MUST** authorize VNF provider access through a
+client application API by the client application owner and the resource
+owner of the VNF before provisioning authorization through Role Based
+Access Control (RBAC), Attribute Based Access Control (ABAC), or other
+policy based mechanism.
+
+R-31751 The VNF **MUST** subject VNF provider access to privilege
+reconciliation tools to prevent access creep and ensure correct
+enforcement of access policies.