"The project MUST have performed a security review within the last 5 years. This review MUST consider the security requirements and security boundary." – Best Practices Badging Criterion
...
| Your Answer-Please Describe | SECCOM Feedback / Recommendations |
|---|---|
None available CPS don’t have security requirements apart from the authentication on our rest API wherein username and passwords are configurable Configuration Persistence Service Project#CPSSECURITYREQUIREMENTS | Please add a statement about this to the end of your architecture document (or in another wiki page), with a heading such as "CPS Security Requirements." |
...
| Your Answers-Please Explain | SECCOM Feedback / Recommendations |
|---|---|
CPS has not switched to HTTPS but the plan is to switch to enabling service mesh which should take care of HTTPS/TLS encapsulation. Currently, CPS is compliant and compatible with the ongoing service mesh implementation (see https://gerrit.onap.org/r/c/oom/+/124287) for ONAP. CPS service port names has been changed to include http in name |
Crypto Credential Agility
...