Level Definitions
Project-level requirements
- Level 0: None
- Level 1: CII Passing badge
  - Including no critical and high known vulnerabilities > 60 days old
- Level 2: CII Silver badge, plus:
  - All internal/external system communications shall be able to be encrypted.
  - All internal/external service calls shall have common role-based access control and authorization using the CADI framework.
- Level 3: CII Gold badge
ONAP Platform-level requirements per release
- Level 1: 70% of the projects passing level 1
  - with the non-passing projects reaching 80% towards the passing level
  - Non-passing projects MUST pass specific cryptography criteria outlined by the Security Subcommittee*
- Level 2: 70% of the projects passing silver
  - with non-silver projects:
    - completed passing level and 80% towards silver level
    - internal/external system communications shall be able to be encrypted
- Level 3: 70% of the projects passing gold
  - with non-gold projects achieving silver level and achieving 80% towards gold level
- Level 4: 100% passing gold.
...
- Platform Level 2
  - Additional recommendations:
    - All projects SHOULD migrate from the Jackson Data Processor packages to the GSON packages unless the Jackson dependency is inherited from an outside project such as ODL.
    - All projects SHOULD provide the ability to turn on and turn off Secure communication. Secure communication is on by default.
Guidance for Implementation
- Refer to the Security Subcommittee
Contacts
- Refer to the Security Subcommittee
...