...
Requirement: R-931076
The VNF MUST support account names that contain at least A-Z, a-z, 0-9 character sets and be at least 6 characters in length.
Requirement: R-86835
The VNF MUST set the default settings for user access to deny authorization, except for a super user type of account. When a VNF is added to the network, nothing should be able to use it until the super user configures the VNF to allow other users (human and application) have access.
Access Management
Requirement: R-42874
The VNF MUST allow the Operator to restrict access based on the assigned permissions associated with an ID in order to support Least Privilege (no more privilege than required to perform job functions).
...
The VNF MUST NOT allow the assumption of the permissions of another account to mask individual accountability. For example, use SUDO when a user requires elevated permissions such as root or admin.Requirement: R-86835
The VNF MUST set the default settings for user access to deny authorization, except for a super user type of account. When a VNF is added to the network, nothing should be able to use it until the super user configures the VNF to allow other users (human and application) have access.
Requirement: R-81147
The VNF MUST support strong authentication, also known as multifactor authentication, on all protected interfaces exposed by the VNF for use by human users. Strong authentication uses at least two of the three different types of authentication factors in order to prove the claimed identity of a user.
...