VNFRQS - Cryptography Reqs Batch 1 81/65581/1
author Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Mon, 10 Sep 2018 18:02:42 +0000 (18:02 +0000)
committer Bozawglanian, Hagop (hb755d) <hb755d@att.com>
Mon, 10 Sep 2018 18:02:42 +0000 (18:02 +0000)
Including changes for VNFRQTS - 435, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434

Issue-ID: VNFRQTS-435

Change-Id: I5e4e32e7d56b601815b6b6d550d135dba3db3446
Signed-off-by: Bozawglanian, Hagop (hb755d) <hb755d@att.com>
docs/Chapter4/Security.rst
docs/data/needs.json

index 384f07e..6f3f0b8 100644 (file)
@@ -471,13 +471,6 @@ Identity and Access Management Requirements
     The VNF **SHOULD** support OAuth 2.0 authorization using an external
     Authorization Server.
 
-.. req::
-    :id: R-48080
-    :target: VNF
-    :keyword: SHOULD
-
-    The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol).
-
 .. req::
     :id: R-75041
     :target: VNF
@@ -1015,14 +1008,6 @@ Data Protection Requirements
     virtual memory. If not possible to disable the paging of the data
     requiring encryption, the virtual memory should be encrypted.
 
-.. req::
-    :id: R-93860
-    :target: VNF
-    :keyword: MUST
-
-    The VNF **MUST** provide the capability to integrate with an
-    external encryption service.
-
 .. req::
     :id: R-73067
     :target: VNF
@@ -1063,59 +1048,98 @@ Data Protection Requirements
     versions of cryptographic algorithms and protocols with minimal impact.
 
 .. req::
-    :id: R-44723
+    :id: R-95864
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
-    The VNF **MUST** use symmetric keys of at least 112 bits in length.
+    The VNF **MUST** support digital certificates that comply with X.509
+    standards.
 
 .. req::
-    :id: R-25401
+    :id: R-12110
+    :target: VNF
+    :keyword: MUST NOT
+
+    The VNF **MUST NOT** use keys generated or derived from
+    predictable functions or values, e.g., values considered predictable
+    include user identity information, time of day, stored/transmitted data.
+
+.. req::
+    :id: R-69610
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
-    The VNF **MUST** use asymmetric keys of at least 2048 bits in length.
+    The VNF **MUST** provide the capability of using X.509 certificates
+    issued by an external Certificate Authority.
 
 .. req::
-    :id: R-95864
+    :id: R-47204
     :target: VNF
     :keyword: MUST
     :updated: casablanca
 
-    The VNF **MUST** support digital certificates that comply with X.509
-    standards.
+    The VNF **MUST** be capable of protecting the confidentiality and integrity
+    of data at rest and in transit from unauthorized access and modification.
+
+
+VNF Cryptography Requirements
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This section covers VNF cryptography requirements that are mostly
+applicable to encryption or protocol meethods.
 
 .. req::
-    :id: R-12110
+    :id: R-48080
     :target: VNF
-    :keyword: MUST NOT
+    :keyword: SHOULD
+    :updated: casablanca
 
-    The VNF **MUST NOT** use keys generated or derived from
-    predictable functions or values, e.g., values considered predictable
-    include user identity information, time of day, stored/transmitted data.
+    The VNF **SHOULD** support an automated certificate management protocol
+    such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or
+    Automated Certificate Management Environment (ACME).
 
 .. req::
-    :id: R-52060
+    :id: R-93860
+    :target: VNF
+    :keyword: SHOULD
+    :updated: casablanca
+
+    The VNF **SHOULD** provide the capability to integrate with an
+    external encryption service.
+
+.. req::
+    :id: R-44723
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
-    The VNF **MUST** provide the capability to configure encryption
-    algorithms or devices so that they comply with the laws of the jurisdiction
-    in which there are plans to use data encryption.
+    The VNF **MUST** use symmetric keys of at least 112 bits in length.
 
 .. req::
-    :id: R-69610
+    :id: R-25401
     :target: VNF
     :keyword: MUST
     :updated: casablanca
 
-    The VNF **MUST** provide the capability of using X.509 certificates
-    issued by an external Certificate Authority.
+    The VNF **MUST** use asymmetric keys of at least 2048 bits in length.
+
+.. req::
+    :id: R-52060
+    :target: VNF
+    :keyword: MUST
+    :updated: casablanca
+
+    The VNF **MUST** provide the capability to configure encryption
+    algorithms or devices so that they comply with the laws of the jurisdiction
+    in which there are plans to use data encryption.
 
 .. req::
     :id: R-83500
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
     The VNF **MUST** provide the capability of allowing certificate
     renewal and revocation.
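Review bot: R-93860 is re-added in this hunk with `:keyword: SHOULD` and "**SHOULD** provide the capability to integrate with an external encryption service", where the block removed from Data Protection earlier in the patch read **MUST**. That weakens a normative requirement rather than just moving it, and the commit message only lists issue numbers; please state the downgrade and its rationale there, or keep MUST. Two smaller points in the new section intro: "meethods" should be "methods", and the intro describes the section as covering "encryption or protocol methods" while the requirements that now follow the heading include certificate renewal and revocation (R-83500), so the intro should mention certificate management as well.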
@@ -1124,6 +1148,7 @@ Data Protection Requirements
     :id: R-29977
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
     The VNF **MUST** provide the capability of testing the validity
     of a digital certificate by validating the CA signature on the certificate.
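Review bot: `:updated: casablanca` is added to R-29977 here, and in the same way to R-24359, R-39604 and R-75343 in the following hunks, although the requirement text is unchanged in each case. If `:updated:` is meant to flag a wording change for the release, these tags will send readers looking for a text difference that does not exist; if a move to the new "VNF Cryptography Requirements" section counts as an update on its own, say so in the commit message so the tag is applied consistently.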
@@ -1132,6 +1157,7 @@ Data Protection Requirements
     :id: R-24359
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
     The VNF **MUST** provide the capability of testing the validity
     of a digital certificate by validating the date the certificate is being
@@ -1141,6 +1167,7 @@ Data Protection Requirements
     :id: R-39604
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
     The VNF **MUST** provide the capability of testing the
     validity of a digital certificate by checking the Certificate Revocation
@@ -1151,16 +1178,9 @@ Data Protection Requirements
     :id: R-75343
     :target: VNF
     :keyword: MUST
+    :updated: casablanca
 
     The VNF **MUST** provide the capability of testing the
     validity of a digital certificate by recognizing the identity represented
     by the certificate - the "distinguished name".
 
-.. req::
-    :id: R-47204
-    :target: VNF
-    :keyword: MUST
-    :updated: casablanca
-
-    The VNF **MUST** be capable of protecting the confidentiality and integrity
-    of data at rest and in transit from unauthorized access and modification.
\ No newline at end of file
index 2d38372..439d6ae 100644 (file)
@@ -1,5 +1,5 @@
 {
-    "created": "2018-09-07T19:37:09.602325",
+    "created": "2018-09-10T17:51:37.025716",
     "current_version": "casablanca",
     "project": "",
     "versions": {
             "needs_amount": 750
         },
         "casablanca": {
-            "created": "2018-09-07T19:37:09.602183",
+            "created": "2018-09-10T17:51:37.025645",
             "needs": {
                 "R-00011": {
                     "description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.",
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "validation_mode": ""
                 },
                 "R-48080": {
-                    "description": "The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol).",
+                    "description": "The VNF **SHOULD** support an automated certificate management protocol\nsuch as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or\nAutomated Certificate Management Environment (ACME).",
                     "full_title": "",
                     "hide_links": "",
                     "id": "R-48080",
                     "keyword": "SHOULD",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Identity and Access Management Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Identity and Access Management Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "keyword": "MUST",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "validation_mode": ""
                 },
                 "R-93860": {
-                    "description": "The VNF **MUST** provide the capability to integrate with an\nexternal encryption service.",
+                    "description": "The VNF **SHOULD** provide the capability to integrate with an\nexternal encryption service.",
                     "full_title": "",
                     "hide_links": "",
                     "id": "R-93860",
                     "impacts": "",
                     "introduced": "",
-                    "keyword": "MUST",
+                    "keyword": "SHOULD",
                     "links": [],
                     "notes": "",
-                    "section_name": "VNF Data Protection Requirements",
+                    "section_name": "VNF Cryptography Requirements",
                     "sections": [
-                        "VNF Data Protection Requirements",
+                        "VNF Cryptography Requirements",
                         "VNF Security"
                     ],
                     "status": null,
                     "title": "",
                     "title_from_content": "",
                     "type_name": "Requirement",
-                    "updated": "",
+                    "updated": "casablanca",
                     "validated_by": "",
                     "validation_mode": ""
                 },
                     "validation_mode": ""
                 },
                 "R-98391": {
-                    "description": "The VNF **MUST**, if not integrated with the Operator\u2019s Identity and\nAccess Management system, support Role-Based Access Control to enforce\nleast privilege.",
+                    "description": "The VNF **MUST**, if not integrated with the Operator's Identity and\nAccess Management system, support Role-Based Access Control to enforce\nleast privilege.",
                     "full_title": "",
                     "hide_links": "",
                     "id": "R-98391",