Page Status:
Component Status:
...
- ONAP API and data security conformance
- Describe the component Service Mesh conformance / plan for secure communications, routing, authentication and authorization configurations
- Does the component have AAF dependencies? If so, describe the current dependencies and a migration plan to remove the dependancies
- How does the component support authentication and authorization of its clients (Humans, other applications)?
- Describe the component data protection
- Data storage location/mechanism
- Data protection plan, such as data at rest, data-level access control, data in transit, others
- User sensitive data handling
- Describe the component Service Mesh conformance / plan for secure communications, routing, authentication and authorization configurations
- Describe the component / container hardening
- The component must run as non-root-based users. Does the component use non-root-access only? Otherwise, describe the reasons and non-root-access support plans
- Does the component container require privilege access/right? If so, describe the reasons and migration plans
- Is the component image signed digitally for integrity? (TBD)
- Does the component use the basic image to conform to the global requirement
Jira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key REQ-1073 - Does the component follow the K8s hardening guide? e.g., from NSA, https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF
- Describe the component logging conformance
- Does the component conform to the Log field standards best practice,
? If not, please describe the reasons and support plans.Jira Legacy server System Jira serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key REQ-1072 - Does the component exclude user sensitive data (e.g., password, private key, other credentials) from logging? If not, please describe the reasons and support plans.
- Does the component support the Logging destination STDOUT / STDERR conformance? If not, please describe the reasons and support plans.
- Does the component conform to the Log field standards best practice,
- Documentation for the component security
- Describe the component security architecture and conformance in the document.
- In addition, the project should fill out a ONAP Security Review Questionnaire Template and review it with SECCOM.
7. Document Changes
8. References
...