:id: R-23740
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** accommodate the security principle of
- "least privilege" during development, implementation and operation.
- The importance of "least privilege" cannot be overstated and must be
- observed in all aspects of VNF development and not limited to security.
- This is applicable to all sections of this document.
+ The VNF **MUST** implement and enforce the principle of least privilege
+ on all protected interfaces.
.. req::
:id: R-61354
:id: R-19768
:target: VNF
:keyword: SHOULD
+ :updated: casablanca
- The VNF **SHOULD** support L3 VPNs that enable segregation of
- traffic by application (dropping packets not belonging to the VPN) (i.e.,
- AVPN, IPSec VPN for Internet routes).
+ The VNF **SHOULD** support Layer 3 VPNs that enable segregation of
+ traffic by application (i.e., AVPN, IPSec VPN for Internet routes).
.. req::
:id: R-33981
:id: R-40813
:target: VNF
:keyword: SHOULD
+ :updated: casablanca
The VNF **SHOULD** support the use of virtual trusted platform
- module, hypervisor security testing and standards scanning tools.
+ module.
.. req::
:id: R-56904
:id: R-62498
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST**, if not using the NCSPs IDAM API, encrypt
- OA&M access (e.g., SSH, SFTP).
+ The VNF **MUST** support encrypted access protocols, e.g., TLS,
+ SSH, SFTP.
.. req::
:id: R-79107
:id: R-99174
:target: VNF
:keyword: MUST
+ :updated: casablanca
- The VNF **MUST** comply with Individual Accountability
- (each person must be assigned a unique ID) when persons or non-person
- entities access VNFs.
+ The VNF **MUST** allow the creation of multiple IDs so that
+ individual accountability can be supported.
.. req::
:id: R-42874
{
- "created": "2018-08-30T17:31:35.004923",
+ "created": "2018-08-30T21:56:21.449389",
"current_version": "casablanca",
"project": "",
"versions": {
"casablanca": {
- "created": "2018-08-30T17:31:35.004799",
+ "created": "2018-08-30T21:56:21.449234",
"needs": {
"R-00011": {
"description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.",
"validation_mode": ""
},
"R-19768": {
- "description": "The VNF **SHOULD** support L3 VPNs that enable segregation of\ntraffic by application (dropping packets not belonging to the VPN) (i.e.,\nAVPN, IPSec VPN for Internet routes).",
+ "description": "The VNF **SHOULD** support Layer 3 VPNs that enable segregation of\ntraffic by application (i.e., AVPN, IPSec VPN for Internet routes).",
"full_title": "",
"hide_links": "",
"id": "R-19768",
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
"validation_mode": ""
},
"R-23740": {
- "description": "The VNF **MUST** accommodate the security principle of\n\"least privilege\" during development, implementation and operation.\nThe importance of \"least privilege\" cannot be overstated and must be\nobserved in all aspects of VNF development and not limited to security.\nThis is applicable to all sections of this document.",
+ "description": "The VNF **MUST** implement and enforce the principle of least privilege\non all protected interfaces.",
"full_title": "",
"hide_links": "",
"id": "R-23740",
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
"validation_mode": ""
},
"R-40813": {
- "description": "The VNF **SHOULD** support the use of virtual trusted platform\nmodule, hypervisor security testing and standards scanning tools.",
+ "description": "The VNF **SHOULD** support the use of virtual trusted platform\nmodule.",
"full_title": "",
"hide_links": "",
"id": "R-40813",
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
"validation_mode": ""
},
"R-62498": {
- "description": "The VNF **MUST**, if not using the NCSPs IDAM API, encrypt\nOA&M access (e.g., SSH, SFTP).",
+ "description": "The VNF **MUST** support encrypted access protocols, e.g., TLS,\nSSH, SFTP.",
"full_title": "",
"hide_links": "",
"id": "R-62498",
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
"validation_mode": ""
},
"R-99174": {
- "description": "The VNF **MUST** comply with Individual Accountability\n(each person must be assigned a unique ID) when persons or non-person\nentities access VNFs.",
+ "description": "The VNF **MUST** allow the creation of multiple IDs so that\nindividual accountability can be supported.",
"full_title": "",
"hide_links": "",
"id": "R-99174",
"title": "",
"title_from_content": "",
"type_name": "Requirement",
- "updated": "",
+ "updated": "casablanca",
"validated_by": "",
"validation_mode": ""
},
Code Review / vnfrqts / requirements.git / commitdiff